Zero Effort Private Key Compromise: Abusing SSH-Agent for Lateral Movement

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • secretive

    Store SSH keys in the Secure Enclave

  • Good find! I was always curious how this worked.

    I'm a big fan of tools like secretive[1] that can help solve this problem by using biometrics to shift the UX/security trade-off and thus make it feasible to always require some kind of authentication to sign a token with a key.

    I'm not aware of any tools that do the same for Linux, and a quick Google search doesn't turn up much[2]. It does look like you can at least get a notification[3], though.

    This could provide another layer of protection on the user's endpoint device in addition to the network monitoring called out in the article. Defense in depth, and all that.

    [1] https://github.com/maxgoedjen/secretive

    [2] https://unix.stackexchange.com/questions/705144/unlock-an-ss...

    [3] https://www.insecure.ws/2013/09/25/ssh-agent-notification.ht...

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
