Skip to content

bolaum/agentk

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

agentk

agentk implements the ssh-agent protocol and allows access to keys within a kNET-HSM. It uses the kkmip library provided by Kryptus as a backend for communication with kNET-HSM and supports a subset of the functionalities provided by OpenSSH's ssh-agent, as listed below.

Features

  • Suports all clients compatible with ssh-agent
  • Key management with ssh-add
  • Straight-forward operation and configuration

Dependencies

All dependencies are installed during setup with the exception of kkmip library, that should be acquired separately (please contact folks at Kryptus).

Usage

Checkout the repository:

git clone https://github.com/bolaum/agentk.git
cd agentk

And install (virtualenv recommended):

virtualenv venv
source venv/bin/activate
pip install -e .

Create a config file:

cp etc/config.example.yml ~/.agentk.yml
vim ~/.agentk.yml

And edit it with appropriate values.

Run the application (use -v for verbose output, -d for debug and -h for other options):

agentk 

I should output something like this:

SSH_AUTH_SOCK=/tmp/agentk.sock; export SSH_AUTH_SOCK;

Now, in a new terminal, paste the string printed by the app.

Adding a private key

ssh-add /path/to/private_key

The private key will be added to kNET-HSM.

Listing all public keys

ssh-add -L

Removing a key

ssh-add -d /path/to/public_or_private_key

Removing all keys

WARNING: This will remove all RSA key pairs inside the HSM!

ssh-add -D

Using ssh

Listed keys can be added to your ~/.ssh/authorized_keys to allow ssh connection without a password.

ssh-add -L >> ~/.ssh/authorized_keys

Then you should be able to connect to the local ssh server:

ssh localhost

TODO

  • Daemonize application
  • Support for DSA and ECDSA keys
  • Add key password support
  • Add locking and unlocking support
  • Add option to disable removal of all keys
  • Windows support
  • Fix tests
  • Test on other unix like systems (FreeBSD, OpenBSD, etc.)
  • Improve documentation A LOT!

Why?

Well, mainly for fun and profit. I suppose tens of millions of people use ssh everyday, so it's a good thing that kNET-HSM is now integrated with almost every client ever written for unix like systems =D

Releases

No releases published

Packages

No packages published

Languages