ssh-agent key management wrapper
Project description
If you have an encrypted ssh key for each domain you access (you should), and you keep your unlocked keys in a single ssh-agent (you maybe shouldn’t), AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad.
If you forward an ssh-agent with all your unique keys for every domain to a ssh server that is compromised - all those unique keys for all those unique domains you access? Kablooie! Done. Have fun rotating them all.
sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host.
If a server to which you’ve forwarded your ssh-agent is compromised, then only the key used for that domain will be affected.
sshecret is a wrapper around ssh that automatically manages multiple ssh-agent(1) sockets each containing only a single unlocked ssh key. sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses execve(2) to wrap ssh, modifying the environment to ensure that each key in your ssh_config(5) uses its own ssh-agent.
Use with git
To use sshecret with git, point GIT_SSH to use sshecret by adding this to your shell initialization file (~/.bashrc or the like):
export GIT_SSH=sshecret
Limitations
sshecret obviously won’t help you if you’re using the same ssh key for multiple domains. You are clearly beyond help.
sshecret depends on a correct ssh_config(5) for your user (found at ~/.ssh/config or wherever $SSH_CONF is pointing), so it’ll get weird if that file is weird or nonexistent. Sorry, I guess.
Requirements:
Usage:
usage: sshecret [whatever you want to pass to ssh]
sshecret is a wrapper around ssh that automatically manages multiple
ssh-agent(1)s each containing only a single ssh key.
EXAMPLE: sshecret -A -L8080:localhost:80 -l johndoe -p2222 example.com
sshecret accepts the same parameters as ssh(1) - fundamentally sshecret uses
execve(2) to wrap ssh, modifying the environment to ensure that each key in
your ssh_config(5) uses its own ssh- agent.
optional arguments:
-h, --help show this help message and exit
-v Increase verbosity of output
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sshecret-20170703-py2-none-any.whl.
File metadata
- Download URL: sshecret-20170703-py2-none-any.whl
- Upload date:
- Size: 7.6 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b77e6b540578a4916d4d5bff90e844072508984cc59695e3a9465349124b79d3
|
|
| MD5 |
1c9ba401cb563407f2f2243a483bc445
|
|
| BLAKE2b-256 |
c1bcf9547f40508c4ce7c683aa858a944ee0164564924a9582ac47e535a04bde
|
