
SSH has included file encryption for a few versions now, and iirc supports yubikeys — probably would be more useful a backend than age.



I'm not sure if they will support those yet. I could never get SSH working well, whereas SSH with U2F works perfectly (and they do support that). I'm guessing they will add GPG key integration, as once the key can perform crypto operations, it's just a matter of host software.

And they support keys -- Although it seems the primary way to use them is by putting your keys into your 'Downloads' folder, which isn't exactly ideal.

Looks like this will eventually replace the inbuilt ssh supplied with crosh (Chromium OS shell)


Here's half an answer: Kerberos.

Which SSH does support, btw.


Another way I'm feeling old... I remember back when OpenSSH was just a plucky upstart implementation of SSH.

Hmm. The lack of any kind of user-accessible local filesystem is one thing that makes me not prefer iOS.

But it's a real puzzler: is this really a brand new implementation of the ssh protocol? I know I'd feel a LOT better knowing that it used OpenSSH.


Cool. Looks like Userify.com (SSH Key management) will support yet another platform sometime next year.

(disclaimer: I work there.)


Do we need a replacement for SSH? The OpenSSH team is doing amazing work. Besides making the tool as secure as possible, they are also improving the protocol. The recently added support for encrypt-then-MAC modes is a great step forward.

Also any proprietary/ancient SSH implementation only supporting RSA that you'll find in all kinds of boxes.

If you wanted OpenPGP to protect SSH, you should consider upgrading clients and servers to a modern OpenSSH which can just speak FIDO (which this and other recent Yubikeys support)

I meant the protocol, not the program. A secure shell is still useful, but the old protocol is like a unix neckbeard that doesn't wanna learn containers. (And while we're on the subject, SSHD should support an HTTPS port and either serve a javascript client or accept websocket connections, because it is 2023 and that's what everyone wants anyway)

Thanks! It doesn’t look very promising! SSH is already PQ-secure.

Yes, because it’s underpinned by SSH it’s secure.

The authors consider it feature complete hence the lack of updates.


It's usually not a full replacement. SSH for macOS has some integration built in that current OpenSSH does not have, like Keychain integration.

I agree - the killer advantage of SSH is that OpenSSH is very, very good.

Yes, but that would either be a fork of OpenSSH, private or open source (both are possible since it's BSD-licensed), or a different SSH server (which GitHub is of course free to use, since the protocol is standardized and their scale absolutely justifies any efforts in protecting their SSH host key). But GP's comment was about OpenSSH.

Edit: Apparently OpenSSH's sshd also supports the SSH agent protocol for host keys, and ssh-agent does support PKCS#11 – so I stand corrected!


It's still the only SSH client I know that can change most of its settings during an existing session, especially in a cross-platform way (it is available for Linux). Good software indeed.

pam_yubico yes.

You can also use this to secure SSHD on servers by delegating to PAM with keyboard-interactive.

I'm waiting for U2F OpenSSH support to trickle down to stable distros but in the meantime pam_yubico is pretty damn good... not to mention you don't have to worry about terminal support since it relies on the yubikey OTP emulating a keyboard.


If you just want ssh it's even easier to use u2f/fido now since it's built into openssh.

If it’s good enough for ssh, it’s good enough for everything. Widespread Passkey support can’t come soon enough.