ssh-agent key management wrapper
Project description
If you have an encrypted ssh key for each domain you access (you should), and you keep your unlocked keys in a single ssh-agent (you maybe shouldn’t), AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad.
If you forward an ssh-agent with all your unique keys for every domain to an ssh server that is compromised - all those unique keys for all those unique domains you access? Kablooie! Done. Have fun rotating them all.
sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host.
If a server to which you’ve forwarded your ssh-agent is compromised, then only the key used for that domain will be affected.
sshecret is a wrapper around ssh that automatically manages multiple ssh-agent(1) sockets each containing only a single unlocked ssh key. sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses execve(2) to wrap ssh, modifying the environment to ensure that each key in your ssh_config(5) uses its own ssh-agent.
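A minimal sketch of the mechanism described above, added here as an illustration and not sshecret's own code: it picks the IdentityFile for a host from ssh_config text, derives one agent socket per key, and builds the environment handed to ssh. The function names, the socket naming scheme and the `runtime_dir` parameter are assumptions, and the config parser is deliberately simplified.

```python
import fnmatch
import hashlib
import os
import subprocess

# Constructed sample ssh_config(5); hosts and key paths are made up.
SAMPLE_CONFIG = """\
Host github.com
    IdentityFile ~/.ssh/id_github
Host *.corp.example
    IdentityFile ~/.ssh/id_corp
Host *
    IdentityFile ~/.ssh/id_default
"""

def identity_for(host, config_text):
    """First IdentityFile whose Host block matches `host`, else None.
    Simplified: no Match/Include, negated patterns, '=' syntax or tokens."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif key == "identityfile" and active:
            return os.path.expanduser(value.strip('"'))
    return None

def ssh_environment(host, config_text, runtime_dir, base_env=None):
    """Copy of the environment whose SSH_AUTH_SOCK names only this host's agent."""
    env = dict(os.environ if base_env is None else base_env)
    env.pop("SSH_AUTH_SOCK", None)  # never inherit a shared, all-keys agent
    identity = identity_for(host, config_text)
    if identity is not None:  # one socket per key file, named by a hash of its path
        digest = hashlib.sha256(identity.encode()).hexdigest()[:16]
        env["SSH_AUTH_SOCK"] = os.path.join(runtime_dir, "agent-%s.sock" % digest)
    return env

def exec_ssh(host, ssh_args, config_text, runtime_dir):
    """Start and load the per-key agent if needed, then replace this process with ssh."""
    os.makedirs(runtime_dir, mode=0o700, exist_ok=True)
    env = ssh_environment(host, config_text, runtime_dir)
    sock = env.get("SSH_AUTH_SOCK")
    if sock and not os.path.exists(sock):
        subprocess.check_call(["ssh-agent", "-a", sock], stdout=subprocess.DEVNULL)
        subprocess.check_call(["ssh-add", identity_for(host, config_text)], env=env)
    os.execvpe("ssh", ["ssh"] + list(ssh_args) + [host], env)
```

Because the forwarded agent is whatever `SSH_AUTH_SOCK` names, running `ssh -A` in this environment exposes only the one key loaded into that socket. A stale socket left behind by a dead agent is not detected in this sketch.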
Use with git
To use sshecret with git, point GIT_SSH at sshecret by adding this to your shell initialization file (~/.bashrc or the like):
export GIT_SSH=sshecret
Limitations
sshecret obviously won’t help you if you’re using the same ssh key for multiple domains. You are clearly beyond help.
sshecret depends on a correct ssh_config(5) for your user (found at ~/.ssh/config or wherever $SSH_CONF is pointing), so it’ll get weird if that file is weird or nonexistent. Sorry, I guess.
Requirements:
Usage:
    usage: sshecret [whatever you want to pass to ssh]

    sshecret is a wrapper around ssh that automatically manages multiple
    ssh-agent(1)s each containing only a single ssh key.

    EXAMPLE: sshecret -A -L8080:localhost:80 -l johndoe -p2222 example.com

    sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses
    execve(2) to wrap ssh, modifying the environment to ensure that each key in
    your ssh_config(5) uses its own ssh-agent.

    optional arguments:
      -h, --help  show this help message and exit
      -v          Increase verbosity of output
Hashes for sshecret-20170703-py2-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | b77e6b540578a4916d4d5bff90e844072508984cc59695e3a9465349124b79d3
MD5 | 1c9ba401cb563407f2f2243a483bc445
BLAKE2b-256 | c1bcf9547f40508c4ce7c683aa858a944ee0164564924a9582ac47e535a04bde