hko (@hko@fosstodon.org)

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.2.0, an agent for card users.

It contains exciting UX changes: after one-time initial setup, no user interaction is required.

The User PIN for cards is persisted in platform-specific secret storage. For all users whose threat model allows persisting PINs on the host (presumably most), this removes PIN entry.

Required touch confirmation on the card (if enabled) is signaled with desktop notifications.

hko (@hko@fosstodon.org), edited

To install:

$ cargo install openpgp-card-ssh-agent

Run the agent:

$ openpgp-card-ssh-agent -H unix://$XDG_RUNTIME_DIR/ocsa.sock &

Use the agent:

$ export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ocsa.sock
$ ssh <hostname>

One-time setup of User PIN storage:

$ ssh-add -s 0000:01234567

(On Linux you'll need a running "Secret Service" provider, e.g. GNOME Keyring, for PIN storage)
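
Added example, not part of the original posts or the project's code: once the PIN is stored and the agent needs no user interaction, the socket's file permissions decide which local accounts can ask it to sign. This Python check audits the socket path used above; the function name audit_agent_socket is an assumption made for illustration.

```python
import os
import stat
import sys


def audit_agent_socket(path):
    """Return a list of findings for the agent socket at `path` (empty = OK)."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a unix socket"]

    findings = []
    if st.st_uid != os.getuid():
        findings.append(f"socket owned by uid {st.st_uid}, not the current user")
    if st.st_mode & 0o077:
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"socket mode {mode:04o} grants group/other access")

    # A directory writable by others lets them replace the socket, unless the
    # sticky bit (as on /tmp) restricts deletion to each file's owner.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & 0o022 and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is group/other-writable, no sticky bit")
    return findings


if __name__ == "__main__":
    # Default mirrors the path from the post: $XDG_RUNTIME_DIR/ocsa.sock
    default = os.path.join(os.environ.get("XDG_RUNTIME_DIR", "."), "ocsa.sock")
    if len(sys.argv) > 1:
        sock = sys.argv[1]
    else:
        sock = os.environ.get("SSH_AUTH_SOCK", default)
    problems = audit_agent_socket(sock)
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```
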
