guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH (by StanfordSNR)
Add to my DEV experience Suggest topics
Source Code
guardian-agent Reviews
Suggest alternative
Edit details
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
Sponsored

Guardian-agent Alternatives

Similar projects and alternatives to guardian-agent

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better guardian-agent alternative or higher similarity.
Suggest an alternative to guardian-agent

guardian-agent reviews and mentions

Posts with mentions or reviews of guardian-agent. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-18.
  • Restricting SSH Agent Keys
    1 project | news.ycombinator.com | 5 Jan 2022
    https://github.com/StanfordSNR/guardian-agent

    The problem basically is the current agent forwarding protocol doesn't have a way to reliably identify the source and remote host that can't be spoofed. guardian-agent tries to do that using some extra software, this linked SSH proposal is to add that to SSH but it will require software upgrades even to the sshd of the intermediate and remote hosts - it's not ideal that it can't just work out of the box - but I welcome this we just need to get it done now for later.

    I frequently finding myself thinking about adding useful things to software I want to use now and go well it will be years before its on every host I use and can be used reliably. I have had this thought on and off for more than a decade. Ship some new stuff, it'l be great later :D

  • The pitfalls of using SSH-agent, or how to use an agent safely
    3 projects | news.ycombinator.com | 18 Sep 2021
    ObPlug for Guardian Agent, which is basically "safe" ssh-agent forwarding (and works with Mosh and SSH): https://github.com/StanfordSNR/guardian-agent

    The basic story is that ssh-agent really just exposes a primitive of "please sign this challenge," which is useful locally, but the protocol wasn't designed to be forwarded. If requests are coming from a semi-trusted intermediary host, the protocol doesn't tell the agent (a) what remote server is being authenticated to [i.e., who generated the challenge?], or (b) what command is going to be executed. It doesn't even really know (c) what (semi-trusted) host has forwarded the challenge?

    Guardian Agent is a sort of hack that allows the agent to know (a), (b), and (c) before deciding whether to grant or deny the request, and you can set up policies like, "I'd like to allow `jump host x` to use to run "git pull" when talking to `git server y`, but that's it." The basic ssh-agent protocol just doesn't have enough info to be able to do something like that.

  • Mosh: The Mobile Shell
    15 projects | news.ycombinator.com | 11 Aug 2021
    there is a fork with port forwarding support https://github.com/rinne/mosh and a PR with a long discussion https://github.com/mobile-shell/mosh/pull/696 on why it's not merged

    you can compile them yourself or if you want to skip the step I recently set up GitHub actions to compile linux binaries of this [1][2], tested by a sample of 1 so no guarantees it works, was planning on doing a tap PR/tap of it at some point

    also the official developers have been involved a project to solve this while improving the whole-agent approval things also https://github.com/StanfordSNR/guardian-agent , but I couldn't get it to work which is why I tried the fork and got that working

    [1] https://github.com/gnyman/mosh/actions/runs/1068715036

  • AskReddit: is there such a thing as async SSH that allows for zero latency typing? (explanation in text)
    2 projects | /r/commandline | 13 Mar 2021
    ‘mosh’ is amazing for this, although I had to stop using it years ago because it didn’t support key forwarding. Apparently, there’s now a solution for that: https://github.com/StanfordSNR/guardian-agent
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 18 Apr 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Stats

Basic guardian-agent repo stats
5
433
0.0
9 months ago

StanfordSNR/guardian-agent is an open source project licensed under BSD 3-clause "New" or "Revised" License which is an OSI approved license.

The primary programming language of guardian-agent is Go.

Popular Comparisons

  1. guardian-agent VS Mosh
  2. guardian-agent VS openssh-portable
  3. guardian-agent VS muxile
  4. guardian-agent VS mosh
  5. guardian-agent VS DomTerm
  6. guardian-agent VS mac-ssh-confirm
  7. guardian-agent VS widecharwidth
  8. guardian-agent VS ssh-agent

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com