GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → martin-lizner → trezor-ssh-agent

martin-lizner / trezor-ssh-agent

Licence: MIT license
Trezor SSH Agent for Windows (Putty, WinSCP and more) + KeepKey supported!

Programming Languages

java
68154 projects - #9 most used programming language

Labels

sshbitcoinputtytrezorkeepkeyssh-agentpageant

Projects that are alternatives of or similar to trezor-ssh-agent

win-gpg-agent
[DEPRECATED] Windows helpers for GnuPG tools suite
Stars: ✭ 214 (+296.3%)
Mutual labels:  putty, ssh-agent, pageant
Simpleremote
Remote Administration Tools
Stars: ✭ 504 (+833.33%)
Mutual labels:  ssh, putty
Trezor Agent
Hardware-based SSH/PGP agent
Stars: ✭ 400 (+640.74%)
Mutual labels:  ssh, trezor
Terminals
Terminals is a secure, multi tab terminal services/remote desktop client. It uses Terminal Services ActiveX Client (mstscax.dll). The project started from the need of controlling multiple connections simultaneously. It is a complete replacement for the mstsc.exe (Terminal Services) client. This is official source moved from Codeplex.
Stars: ✭ 971 (+1698.15%)
Mutual labels:  ssh, putty
wsl-agent-bridge
WSL compatibility bridge for ssh-agent on Windows
Stars: ✭ 17 (-68.52%)
Mutual labels:  ssh, ssh-agent
Weasel Pageant
Deprecated: An ssh-agent compatible helper for interacting with Pageant from processes running on the Windows Subsystem for Linux.
Stars: ✭ 256 (+374.07%)
Mutual labels:  ssh, putty
Cloudconnect
Cloud aware client to connect ssh, sftp and rdp
Stars: ✭ 25 (-53.7%)
Mutual labels:  ssh, putty
Kitty
💻 KiTTY, a free telnet/ssh client for Windows
Stars: ✭ 791 (+1364.81%)
Mutual labels:  ssh, putty
Yubikey Agent
yubikey-agent is a seamless ssh-agent for YubiKeys.
Stars: ✭ 1,744 (+3129.63%)
Mutual labels:  ssh, ssh-agent
Superputty
The SuperPuTTY Window Manager for putty sessions
Stars: ✭ 1,572 (+2811.11%)
Mutual labels:  ssh, putty
zsh-ssh-agent
Ssh-agent management for zsh
Stars: ✭ 19 (-64.81%)
Mutual labels:  ssh, ssh-agent
Putty Cac
Windows Secure Shell Client With Support For Smart Cards & Certificates
Stars: ✭ 192 (+255.56%)
Mutual labels:  ssh, putty
piv-agent
An SSH and GPG agent which you can use with your PIV hardware security device (e.g. a Yubikey).
Stars: ✭ 31 (-42.59%)
Mutual labels:  ssh, ssh-agent
Wsl Ssh Pageant
A Pageant -> TCP bridge for use with WSL, allowing for Pageant to be used as an ssh-ageant within the WSL environment.
Stars: ✭ 381 (+605.56%)
Mutual labels:  ssh, putty
sshecret
I can keep a SSHecret
Stars: ✭ 56 (+3.7%)
Mutual labels:  ssh, ssh-agent
Networkmanager
A powerful tool for managing networks and troubleshoot network problems!
Stars: ✭ 1,296 (+2300%)
Mutual labels:  ssh, putty
Awesome Ssh
💻 A curated list of SSH resources.
Stars: ✭ 1,742 (+3125.93%)
Mutual labels:  ssh, ssh-agent
TrezorSymmetricFileEncryption
🔒 Use your Trezor device to symmetrically encrypt and decrypt files
Stars: ✭ 16 (-70.37%)
Mutual labels:  trezor, keepkey
SmartPutty
Multi-Tabbed PuTTY written in Java
Stars: ✭ 34 (-37.04%)
Mutual labels:  putty
ssh-agent-cmd
Script for Windows Command Processor (cmd.exe) to run ssh-agent
Stars: ✭ 40 (-25.93%)
Mutual labels:  ssh-agent
View All Similar Projects ➔

Status: Build Status

Trezor SSH Agent for Windows (Putty, WinSCP and more)

  • Supported devices: Trezor, KeepKey (see KeepKey Users section)
  • Supported keys: ecdsa-sha2-nistp256, ssh-ed25519

Trezor SSH Agent is a Windows application that allows users to authenticate to UNIX/Linux SSH servers using their favorite apps like Putty, WinSCP or other Pageant-compatible clients (e.g. git) together with their bitcoin hardware wallet. Trezor SSH Agent is a GUI-enabled tray application that emulates Pageant process in Windows. It receives identity requests from SSH client (which gets it from SSH server), uses wallet hardware to sign challenge and sends data back. All this is framed in secure Elliptic curve cryptography (ECC) and PIN obfuscation approach giving user the cutting edge security while authenticating to SSH server.

It is absolutely safe to use Trezor SSH Agent. No harm can be caused to your bitcoins or the wallet. Application never asks device for any Bitcoin related action, e.g. it never asks to sign tx.

Limitations

  • ssh-rsa is not supported by the device HW.
  • No other device app (like myTREZOR webpage or KeepKey Chrome extension) can be running simultaneously.
  • Pageant cannot run simultaneously.
  • BIP32 path is fixed by constant Identity URI. In PIN-only mode this produces just one public key per device. Turning on passphrase security on your device gives you unique key per every passhrase. Alternatively you can change the path in the settings file (see Advanced)
  • There are small troubles on USB level that makes Trezor init last a bit longer (20-30 sec) in certain situations.

Getting started

Start

  • Download and run JAR or EXE binary from latest release.
  • Java 1.8 is required.
  • Or you can build your own java (see bellow) and run class com.trezoragent.gui.StartAgentGUI main.

Build

Trezor SSH Agent uses the standard Maven build process and can be used without having external hardware attached. Just do the usual:

$ cd <project directory>
$ mvn clean install

Troubleshooting

  • Edit logger.properties file and set com.trezoragent.level = FINE for more detailed logging.
  • Application log is saved in your C:\Users\...\ directory under default name: Trezor_Agent.log
  • You can also access log by using the "Open Log File" item in the application tray menu.
  • If you are getting "Device not ready" message, try closing your Chrome browser and re-plug the device
  • Also make sure that SSH Server you are connecting to supports ECC:
    • ECDSA is generally supported since OpenSSH 5.7
    • But there are backports to some older openSSH versions, e.g. Redhat/CentOS 5.3p1-112

Usage

  • Please download Putty or WinSCP version that supports ECDSA keys. Certified Putty versions: 0.67+, 0.66, 0.65
  • After started the app, find Trezor icon in Windows tray area and right click to open menu. Menu
  • Click "Show Public Key" to get your openSSH public key. Provide PIN/Passphrase if asked. Place key on SSH server in your user authorized_keys file.
  • Start Putty with "Attempt authentication using Pageant" option selected (Connection->SSH->Auth). Putty
  • Use Putty to connect to your favorite SSH server.
  • Provide PIN/Passphrase if asked.
  • Confirm identity sign operation on the device - "SSH login to: btc.rulez". Success

KeepKey Users

  • Make sure Chrome browser is switched off if you have KeepKey extension installed - else you may get KeepKey not ready warning.
  • After started the Trezor SSH Agent use "Edit Settings" menu item to set DEVICE=keepkey property in the settings file.
    • You can also access settings file in your Windows user directory under name Trezor_Agent.properties
  • After you have made changes to settings file, please restart the Trezor SSH Agent.

Advanced

  • Using the "Edit Settings" menu you can edit some Trezor SSH Agent properties saved in the settings file. After you make the changes, make sure you restart the app for changes to take effect.
  • You can customize the BIP32 URI and Index values that are used to derive your unique device key. This is also text which is displayed on the device when confirming the login operation. Please be aware that BIP32_URI must comfor [Java URI] (http://www.ietf.org/rfc/rfc2396.txt) as well as SLIP-0013 so avoid using chars like underscore.
  • SESSION_TIMEOUT property defines minutes of idle time after device automatically locks itself. Display stays on, but PIN and passphrase cache is reseted after timeout. Idle time is zeroed after each successful pubkey or sign operation.
  • CURVE_NAME property = {nist256p1 | ed25519} specifies which key type will be requested from the device. Please keep in mind, that ed25519 support is available since Trezor 1.3.6 and KeepKey 3.0.17 firmwares.

Agent Forwarding

You can also use Trezor SSH Agent with "agent forwarding" option set in SSH client. This would enable chaining connections back to original agent. Example:

  1. Open SSH to UNIX with agent forwarding enabled in Putty.
  2. From UNIX shell command line open another ssh connection (e.g. ssh root@localhost) to server which trusts your public key.
  3. Confirm operation on the device and you are logged in.

Public Key Example

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKJHh8o1FNgyEXzPLIc7tlk4n+4/mLlCs/m/SY7+WsUhdoajyHiyP0Zdo+VuWAizLTApW68QIzqWY73fur+i7nk= Trezor

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK66qZJ26L1x5XEeUKewwerLqvltSf8yvx884ObsvwB3 TrezorDEV

Credits

Bitcoin donations: 1QEKWJFAqwkCxPotJoGpfaFDnaShjiNtb5

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].