Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
>so I've been working on extending our support for hardware-backed SSH certificates to Windows
Interesting work & I wish him luck. The ability to use hardware SSH certs on Windows has been around for at least a decade now, but it hasn't been a seamless experience.
The other attempt I'm aware of is PuTTY-CAC[0]. The issue with PuTTY-CAC is that the server still needs to be configured to check the certificate against CRLs & PKI infrastructure. Even without that, it is still used in security-conscious organizations, like the US Department of Veteran Affairs [1], for example.
[0] https://github.com/NoMoreFood/putty-cac
[1] https://www.oit.va.gov/Services/TRM/ToolPage.aspx?tid=8714#
If that project https://github.com/buptczq/WinCryptSSHAgent had a pin timeout, it would be the perfect Windows ssh agent. It support named pipe, pagent shared memory and a UNIX socket under WSL2 using Hyper-V and socat.
> Git for Windows is built on top of msys2, which in turn is built on top of Cygwin.
you can get native Windows Git as well. its called MinGit:
https://github.com/git-for-windows/git/releases/tag/v2.42.0....