Announcement : sshagentca : a forwarded agent CA

Rory Campbell-Lange rory at campbell-lange.net
Tue Apr 7 06:56:31 AEST 2020


I'm not sure if this is the correct place to post this. Apologies if
not.

In September 2018 I wrote to the list about my interest in the pam-ussh
project following Peter Moody's post on Medium about it:
https://medium.com/uber-security-privacy/introducing-the-uber-ssh-certificate-authority-4f840839c5cc

Using short-lived certificates that could be added to forwarded agents
seemed a promising idea, and I asked the list for comments on whether it
was advisable (some said not) and how it might be done.

Happily, Peter himself responded and pointed me to Go's ssh packages.

It has taken me over a year to get around to learning some Go and,
recently, attempting a proof-of-concept project for adding certificates
to the forwarded agents of public-key authenticated clients.

The project is here in case anyone is interested in it:

    https://github.com/rorycl/sshagentca

Beware the beginner code.

Many thanks to Peter for his comments, and for the useful resources made
available by scalingo -- amongst others -- on GitHub, together with the
comments from this list on this idea back in 2018.

Rory


More information about the openssh-unix-dev mailing list