Our great sponsors
-
Warp
Warp is a modern, Rust-based terminal with AI built in so you and your team can build great software, faster.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
nym
Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.
This makes me wonder about newer terminal emulators on maccOS like Warp[1], and if they're for example taking all input locally, and then sending it over the remote host in a single blob or not? I imagine doing so would possibly break any sort of raw-mode input being done on remote host but I'd also imagine that is a detectable situation in which you could switch into a raw keystroke feed as well.
[1]: https://warp.dev
https://github.com/ggerganov/kbd-audio
It's quite good at decoding my own typing, although I am a quite aggressive typist and that may help. I haven't tried it on others, though (honest, officer).
> Maybe the SSH agent on the client can re-authenticate to the server when requested?
There is a PAM module that does this: https://github.com/jbeverly/pam_ssh_agent_auth
Note that this is a bad idea from the security standpoint, as it requires SSH agent forwarding. Which means that, if the remote server is compromised, the attacker can use your SSH agent to log into other servers as you.
Related posts
- This scary AI recognizes passwords by the sound of your typing
- Keytap: Acoustic Keyboard Eavesdropping
- MouthPad – In-Mouth Bluetooth Mouse Uses Tongue Sensitive Trackpad
- ggerganov/kbd-audio: 🎤⌨️ Acoustic keyboard eavesdropping
- Keytap2 – acoustic keyboard eavesdropping based on language n-gram frequencies