Ssh-agent-pkcs11 Alternatives

Similar projects and alternatives to ssh-agent-pkcs11

age

213 15,264 5.5 Go ssh-agent-pkcs11 VS age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
sops

149 15,019 9.2 Go ssh-agent-pkcs11 VS sops

Simple and flexible tool for managing secrets
InfluxDB

www.influxdata.com
sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
cargo-crev

55 2,025 7.9 Rust ssh-agent-pkcs11 VS cargo-crev

A cryptographically verifiable code review system for the cargo (Rust) package manager.
git-crypt

50 7,964 0.0 C++ ssh-agent-pkcs11 VS git-crypt

Transparent file encryption in git
rage

36 2,310 9.1 Rust ssh-agent-pkcs11 VS rage

A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
rekor

29 832 9.7 Go ssh-agent-pkcs11 VS rekor

Software Supply Chain Transparency Log
trezor-agent

9 557 5.4 Python ssh-agent-pkcs11 VS trezor-agent

Hardware-based SSH/GPG/age agent
WorkOS

workos.com
sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
whoami.filippo.io

6 2,174 0.0 Go ssh-agent-pkcs11 VS whoami.filippo.io

A ssh server that knows who you are. $ ssh whoami.filippo.io
ssi

2 175 5.4 Rust ssh-agent-pkcs11 VS ssi

Core library for decentralized identity.
stakesign

1 2 4.1 Python ssh-agent-pkcs11 VS stakesign

Sign files via blockchain + put your money where your mouth is
yubage

2 25 0.0 Go ssh-agent-pkcs11 VS yubage

`age-plugin-yubikey` implementation, encrypt things with a Yubikey/any PIV card

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better ssh-agent-pkcs11 alternative or higher similarity.

Suggest an alternative to ssh-agent-pkcs11

ssh-agent-pkcs11 reviews and mentions

Posts with mentions or reviews of ssh-agent-pkcs11. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-11-13.

It's Now Possible to Sign Arbitrary Data with Your SSH Keys
15 projects | news.ycombinator.com | 13 Nov 2021

It hasn't been able to do it in a meaningful way.
I've been patching support for this into ssh-agent for about a decade. I wrote a PKCS#11 module which talks to the SSH agent socket to forward your smartcard [0]. Doing so requires three changes to the protocol:
1. The ability to sign arbitrary data and get back the signed result [1]; normally you get back a hashed result [2].
2. The ability to decrypt data, this is what you said. This is less important since many things only require signatures (and not all algorithms support encryption/decryption).
3. The ability to request your certificates [3] [4] this one is kinda obvious.
The benefits of this are that you can use your smartcard on the remote host to do fully authenticated password-less sudo with pam_pkcs11. You can also do anything else that requires you to use your private key to be used, which can include fetching files (TLS client certificate authentication).
Within the US Government, passwords have been being phased out since 2004, but the requirements for authenticated privilege elevation remain.
Another way to accomplish this is to use SSH forwarding of your PC/SC socket but that's less portable and more fragile (and even less secure).
[0] https://github.com/rkeene/ssh-agent-pkcs11
[1] https://cackey.rkeene.org/fossil/artifact/0d0e90bbfdee672c?l...
[2] https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent...
[3] https://cackey.rkeene.org/fossil/artifact/0d0e90bbfdee672c?l...
[4] https://datatracker.ietf.org/doc/html/rfc6187#section-2.1