Announcement : sshagentca : a forwarded agent CA

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I'm not sure if this is the correct place to post this. Apologies if
not.

In September 2018 I wrote to the list about my interest in the pam-ussh
project following Peter Moody's post on Medium about it:
https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc

Using short-lived certificates that could be added to forwarded agents
seemed a promising idea, and I asked the list for comments on whether it
was advisable (some said not) and how it might be done.

Happily, Peter himself responded and pointed me to go's ssh packages.

It has taken me over a year to get around to learning some go and,
recently, attempting a proof-of-concept project for adding certificates
to the forwarded agents of public-key authenticated clients.

The project is here in case anyone is interested in it:

    https://github.com/rorycl/sshagentca

Beware the beginner code.

Many thanks to Peter for his comments, and for the useful resources made
available by scalingo -- amongst others -- on github, together with the
comments from this on this idea back in 2018. 

Rory
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux