Simon Josefsson
2024-09-26 19:00:01 UTC
Severity: wishlist
* Package name : ssh-tpm-agent
Version : 0.6.0-1
Upstream Author : Morten Linderud
* URL : https://github.com/foxboron/ssh-tpm-agent
* License : Expat
Programming Lang: Go
Description : ssh-agent for TPMs
SSH agent for TPM
.
ssh-tpm-agent is a ssh-agent compatible agent that allows keys to be
created by the Trusted Platform Module (TPM) for authentication towards
ssh servers.
.
TPM sealed keys are private keys created inside the Trusted Platform
Module (TPM) and sealed in .tpm suffixed files. They are bound to the
hardware they are produced on and can't be transferred to other
machines.
.
This allows you to utilize a native client instead of having to side
load existing PKCS11 libraries into the ssh-agent and/or ssh client.
.
The project uses TPM 2.0 Key Files
(https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html)
implemented through the go-tpm-keyfiles
(https://github.com/Foxboron/go-tpm-keyfiles) project.
.
Features
.
* A working ssh-agent.
* Create shielded ssh keys on the TPM.
* Creation of remotely wrapped SSH keys for import.
* PIN support, dictionary attack protection from the TPM allows you to
use low entropy PINs instead of passphrases.
* TPM session encryption.
* Proxy support towards other ssh-agent servers for fallbacks.
/Simon