testssl.sh VS yubikey-agent

Compare testssl.sh vs yubikey-agent and see what are their differences.

yubikey-agent

yubikey-agent is a seamless ssh-agent for YubiKeys. (by FiloSottile)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
testssl.sh yubikey-agent
43 15
7,577 2,551
- -
8.8 0.0
6 days ago 4 months ago
Shell Go
GNU General Public License v3.0 only BSD 3-clause "New" or "Revised" License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

testssl.sh

Posts with mentions or reviews of testssl.sh. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-03-02.

yubikey-agent

Posts with mentions or reviews of yubikey-agent. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-29.
  • Show HN: SSH-tpm-agent – SSH agent for TPMs
    5 projects | news.ycombinator.com | 29 Jul 2023
    This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.

    I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:

  • Secretive: Store SSH Keys in the Secure Enclave
    4 projects | news.ycombinator.com | 9 Mar 2023
    Also check out https://github.com/FiloSottile/yubikey-agent which simplifies the setup quite a bit.
  • Am I the only one who's nervous when SSH-agent forwarding?
    2 projects | /r/sysadmin | 23 Sep 2022
    I have the same concern. I modified Pageant (Windows agent) so that it prompts me before signing anything which helps ease my mind, I only approve when I know I'm connecting to a new server. There are also options like requiring a Yubikey too (https://github.com/FiloSottile/yubikey-agent)
  • Failed to fetch key with ECDSA keys via libykcs11.dll
    2 projects | /r/yubikey | 23 Jun 2022
    Aging MBP, Intel based, Monterey 12.3.1 uname -v Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64 brew info yubikey-agent yubikey-agent: stable 0.1.5 (bottled), HEAD Seamless ssh-agent for YubiKeys and other PIV tokens https://filippo.io/yubikey-agent /usr/local/Cellar/yubikey-agent/0.1.5 (7 files, 4.8MB) * ...
    2 projects | /r/yubikey | 23 Jun 2022
    for ssh-keygen -D /path/libykcs11.2.3.0.dylib I get a bunch of "unknown certificate key type"/"failed to fetch key" messsages and info about a ssh-rsa Public key for PIV Attestation, no mentioning of my ECC key. Use a different SSH agent. For a test I recommend you try https://filippo.io/yubikey-agent on a Mac (install it from homebrew), it works perfectly for me. Just remember it reads the key only from slot 9a and none other (unless you change source and recompile).
  • How to Store an SSH Key on a Yubikey
    13 projects | news.ycombinator.com | 30 May 2022
    Unless I've missed something, SSH keys stored on Yubikeys are still hampered because you aren't allowed to a touch policy of "touch never".

    Imagine needing to touch the Yubikey with each "git pull" or using Ansible to operate over SSH on a dozen servers in parallel, and needing to touch the Yubikey once for each server.

    The feature request I'm tracking is here: https://github.com/FiloSottile/yubikey-agent/issues/95

    The proposed feature would allow setting a touch policy for the SSH key.

    13 projects | news.ycombinator.com | 30 May 2022
  • FreeBSD SSH Hardening
    9 projects | news.ycombinator.com | 15 Sep 2021
  • Yubikey PIV encrypted messaging system
    4 projects | /r/crypto | 27 Aug 2021
    If you can do ssh, you can sign messages: https://github.com/FiloSottile/yubikey-agent
  • Question: unplugging security key during SSH session
    2 projects | /r/yubikey | 24 Aug 2021
    use yubikey-agent

What are some alternatives?

When comparing testssl.sh and yubikey-agent you can also consider the following projects:

aws-vault - A vault for securely storing and accessing AWS credentials in development environments

https-ssl-cert-check-zabbix - Script to check validity and expiration of TLS/SSL certificate on hosts. May be used with Zabbix or standalone.

wsl-ssh-agent - Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)

authelia - The Single Sign-On Multi-Factor portal for web apps

age-plugin-yubikey - YubiKey plugin for age

ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

kubernetes-the-hard-way - Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.

win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite

ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

piv-agent - An SSH and GPG agent which you can use with your PIV hardware security device (e.g. a Yubikey).