README: mention IdentityAgent, SeKey, Linux and Windows

FiloSottile · May 10, 2020 · 81a0a38 · 81a0a38
1 parent 98e0ec2
commit 81a0a38
Showing 1 changed file with 31 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -29,8 +29,37 @@ Then add the following line to your `~/.zshrc` and restart the shell.
 export SSH_AUTH_SOCK="/usr/local/var/run/yubikey-agent.sock"
 ```
 
+### Linux
+
+`yubikey-agent` already works on Linux. Smooth installation instructions are coming soon.
+
+### Windows
+
+Windows support is currently WIP.
+
 ## Advanced topics
 
+### Coexisting with other `ssh-agent`s
+
+It's possible to configure `ssh-agent`s on a per-host basis.
+
+For example to only use `yubikey-agent` when connecting to `example.com`, you'd add the following lines to `~/.ssh/config` instead of setting `SSH_AUTH_SOCK`.
+
+```
+Host example.com
+    IdentityAgent /usr/local/var/run/yubikey-agent.sock
+```
+
+To use `yubikey-agent` for all hosts but one, you'd add the following lines.
+
+```
+Host *
+    IdentityAgent /usr/local/var/run/yubikey-agent.sock
+
+Host example.com
+    IdentityAgent $SSH_AUTH_SOCK
+```
+
 ### Conflicts with `gpg-agent` and Yubikey Manager
 
 `yubikey-agent` takes a persistent transaction so the YubiKey will cache the PIN after first use. Unfortunately, this makes the YubiKey PIV and PGP applets unavailable to any other applications, like `gpg-agent` and Yubikey Manager. Our upstream [is investigating solutions to this annoyance](https://github.com/go-piv/piv-go/issues/47).
@@ -85,11 +114,9 @@ The UX of this solution is poor: it requires calling `ssh-add` to load the PKCS#
 
 The ssh-agent that ships with macOS (which is pretty cool, as it starts on demand and is preconfigured in the environment) also has restrictions on where the `.so` modules can be loaded from. It can see through symlinks, so a Homebrew-installed `/usr/local/lib/libykcs11.dylib` won't work, while a hard copy at `/usr/local/lib/libykcs11.copy.dylib` will.
 
-#### Secure Enclave
-
-On macOS systems with a Secure Enclave, it would make even more sense to generate the keys on there, use Touch ID for confirmation, and maybe even show the host being authenticated to on the Touch Bar.
+#### SeKey
 
-There is a project experimenting with that at [github.com/rolandshoemaker/sesa](https://github.com/rolandshoemaker/sesa), but unfortunately compiling software for the Secure Enclave requires specific entitlements from Apple, which complicates development.
+[SeKey](https://github.com/sekey/sekey) is a similar project that uses the Secure Enclave to store the private key and Touch ID for authorization.
 
 #### `pivy-agent`