ssh-tpm-agent v0.2.0

@Foxboron Foxboron released this 19 Oct 19:04
v0.2.0
25e8edb

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

New Features

Agent proxying

ssh-tpm-agent now allows ssh-agent proxying through the -A option. This lets ssh-tpm-agent forward signing requests to other agents that support key types other than TPM keys. This makes it practical to keep one socket as the main socket without having to abandon keys that are not TPM sealed.

Key import

ssh-tpm-keygen has gotten an --import command that allows people to import RSA2048 and ecdsa keys created by ssh-keygen.

RSA key support

ssh-tpm-agent now supports rsa2048 keys. TPMs usually do not support anything above 2048-bit strength. I recommend the ecdsa keys instead, but someone might want RSA keys I guess.

Host Key support

This release implements support for TPM sealed host keys. ssh-tpm-hostkeys shows host keys and installs system-wide services and sshd configuration to use ssh-tpm-agent as a system daemon. ssh-tpm-keygen -A creates ecdsa and RSA host keys.

What's Changed

  • Use $XDG_RUNTIME_DIR or /var/tmp/ by default for socket by @stigtsp in #5
  • keygen: Use term.ReadPassword() when reading PIN by @stigtsp in #6
  • Update README.md: fix typo in releases url by @jrwren in #7
  • README: fix install example command by @stigtsp in #8
  • agent: Allow password-caching in pinentry by @stigtsp in #11
  • ssh-tpm-agent: Add ssh-agent proxy functionality with -A by @Foxboron in #13
  • agent: add --key-dir as a flag, and warn if key dir is a symlink. by @andersju in #14
  • Support RSA keys by @Foxboron in #17
  • Implement import of existing keys by @Foxboron in #16
  • Support comments in keys by @Foxboron in #18
  • Socket activation and --install-user-units by @Foxboron in #19
  • Implement ssh-tpm-add by @Foxboron in #21
  • Fix typos and code formatting in README by @dcousens in #22
  • Fix .tpm suffix in ssh-tmp-keygen by @rafiramadhana in #27
  • LoadKeys() use env + slog.Debug + refactor by @jtagcat in #24

Full Changelog: v0.1.0...v0.2.0