
thcipriani / sshecret

Licence: GPL-3.0 license
I can keep a SSHecret

SSHecret

Don't worry, I can keep a sshecret (photo credit: the Nationaal Archief, the Dutch National Archives, and Spaarnestad Photo, via Wikimedia Commons)

If you have an encrypted ssh key for each domain you access (you should), and you keep your unlocked keys in a single ssh-agent (you maybe shouldn't), AND you've ever decided you need to forward your ssh-agent, then you should feel bad.

If you forward an ssh-agent holding all your unique keys for every domain to an ssh server that is compromised, all those unique keys for all those unique domains you access? Kablooie! Done. Have fun rotating them all.

sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host.

If a server to which you've forwarded your ssh-agent is compromised, then only the key used for that domain will be affected.

sshecret is a wrapper around ssh that automatically manages multiple ssh-agent(1) sockets each containing only a single unlocked ssh key. sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses execve(2) to wrap ssh, modifying the environment to ensure that each key in your ssh_config(5) uses its own ssh-agent.
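The per-key isolation described above can be sketched as follows. This is an added example, not sshecret's own code: the socket naming scheme, the `runtime_dir` parameter, taking only the first matching IdentityFile, and ignoring Match/Include directives are all assumptions made for illustration.

```python
import fnmatch, hashlib, os, re, subprocess

# Constructed sample ssh_config(5); hosts and key paths are made up.
SAMPLE_CONFIG = """\
Host github.com
    IdentityFile ~/.ssh/id_github
Host *.corp.example !bastion.corp.example
    IdentityFile ~/.ssh/id_corp
"""

# "keyword value" or "keyword=value"; comment and blank lines never match.
LINE = re.compile(r"^[ \t]*(\w+)(?:[ \t]*=[ \t]*|[ \t]+)(.+?)[ \t]*$", re.M)

def parse_hosts(text):
    """Return [(host_patterns, identity_file)] for Host blocks that name a key."""
    blocks, patterns = [], []
    for m in LINE.finditer(text):
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            patterns = value.split()
        elif key == "identityfile" and patterns:
            blocks.append((patterns, value))
    return blocks

def identity_for(host, blocks):
    """First key whose Host patterns match; a matching '!pattern' vetoes the block."""
    for patterns, key in blocks:
        matches = [p for p in patterns if fnmatch.fnmatchcase(host, p.lstrip("!"))]
        if matches and not any(p.startswith("!") for p in matches):
            return key
    return None

def isolated_env(host, blocks, runtime_dir, base_env=None):
    """Copy the environment, pointing SSH_AUTH_SOCK at this key's own agent."""
    env = dict(os.environ if base_env is None else base_env)
    env.pop("SSH_AUTH_SOCK", None)  # never inherit the shared agent
    key = identity_for(host, blocks)
    if key:
        tag = hashlib.sha256(os.path.expanduser(key).encode()).hexdigest()[:16]
        env["SSH_AUTH_SOCK"] = os.path.join(runtime_dir, f"agent-{tag}.sock")
    return key, env

def run_ssh(host, argv, blocks, runtime_dir):
    """Start the per-key agent if needed, then replace this process with ssh."""
    key, env = isolated_env(host, blocks, runtime_dir)
    sock = env.get("SSH_AUTH_SOCK")
    if sock and not os.path.exists(sock):
        subprocess.run(["ssh-agent", "-a", sock], check=True, stdout=subprocess.DEVNULL)
        subprocess.run(["ssh-add", os.path.expanduser(key)], env=env, check=True)
    os.execvpe("ssh", ["ssh", *argv], env)
```

With `-A`, the remote host only ever reaches the socket named in `SSH_AUTH_SOCK`, so the agent it can talk to holds one key.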

Install

Install via pip:

pip install --user sshecret

Wherever ssh is accepted

To use sshecret with git, point GIT_SSH to use sshecret by adding this to your shell initialization file (~/.bashrc or the like):

if command -v sshecret > /dev/null 2>&1; then
    export GIT_SSH=sshecret
fi

To use sshecret with scp add this alias to your shell initialization file:

if command -v sshecret > /dev/null 2>&1; then
    alias scp='scp -S sshecret'
fi

Limitations

sshecret obviously won't help you if you're using the same ssh key for multiple domains. You are clearly beyond help.

sshecret depends on a correct ssh_config(5) for your user (found at ~/.ssh/config or wherever $SSH_CONF is pointing), so it'll get weird if that file is weird or nonexistent. Sorry, I guess.

Requirements:

Usage:

usage: sshecret [whatever you want to pass to ssh]

sshecret is a wrapper around ssh that automatically manages multiple
ssh-agent(1)s each containing only a single ssh key.

    EXAMPLE: sshecret -A -L8080:localhost:80 -l johndoe -p2222 example.com

sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses
execve(2) to wrap ssh, modifying the environment to ensure that each key in
your ssh_config(5) uses its own ssh- agent.

optional arguments:
  -h, --help  show this help message and exit
  -v          Increase verbosity of output