sesa

command module
v0.0.0-...-05bf071
Published: May 5, 2020 License: MIT Imports: 19 Imported by: 0

README

sesa - Secure Enclave powered SSH Agent

WARNING: my lack of Objective-C experience is only rivaled by my lack of macOS API experience. Be warned: this code may not work the way you expect it to, or the way I intend it to.

Usage should be pretty straightforward:

./sesa -sock ~/sesa.sock &
export SSH_AUTH_SOCK=~/sesa.sock
ssh roland@somewhere

Both sesa and sesa-tool need to be codesigned with entitlements in order to work; otherwise amfid and taskgated-helper will just kill them. They both require at least the com.apple.application-identifier and keychain-access-groups entitlements to be set. The signing certificate and entitlement values need to match an installed provisioning profile.

This is a one-trick pony. If you still want to use your system SSH agent, i.e. because you want to use the keys in ~/.ssh, you'll need to figure that out yourself. You'll probably want to do something like defining per-host agents using IdentityAgent in your SSH config.
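One way to set up the per-host agents mentioned above, as an added example that is not part of the sesa README. The socket path ~/sesa.sock and the host somewhere come from the usage shown earlier; the pattern *.enclave.example is a constructed placeholder.

```sshconfig
# ~/.ssh/config (added example; host patterns are placeholders)
#
# ssh_config takes the first value it finds for each option, so the
# specific Host blocks must appear before the catch-all block.

# Hosts whose authorized_keys contain the Secure Enclave public key:
# talk to sesa on the socket that was passed to `sesa -sock`.
Host somewhere *.enclave.example
    IdentityAgent ~/sesa.sock

# Every other host: keep using the agent that the SSH_AUTH_SOCK
# environment variable points at (the system agent with the ~/.ssh keys).
Host *
    IdentityAgent SSH_AUTH_SOCK
```

With this in place, leave SSH_AUTH_SOCK at its system value instead of exporting it to ~/sesa.sock. Running `ssh -G somewhere` prints the resolved options, including the identityagent value a given host will use.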

Managing SE keys

Apple doesn't provide an easy way to manipulate the contents of the enclave. I've written a small(ish) tool to add/list/delete keys for use with sesa, which is in sesa-tool/. Once built and signed, it can be used to generate keys and will output the SSH public key format expected for authorized_keys files.

$ sesa-tool generate -key-label se-ssh-key

Documentation

There is no documentation for this package.
