SSH agent for Chrome OS


Evan Broder

Sep 8, 2015, 12:35:36 PM
to chromiu...@chromium.org, Carl Jackson
Hey folks -

We've been working at Stripe on implementing an SSH agent for the
Secure Shell app that uses the new chrome.platformKeys API (just
released in Chrome 45 for Chrome OS). It's still very rough around the
edges, but we're pretty excited about being able to do SSH
authentication using keys stored on the TPM soon.

Code is on GitHub here: https://github.com/stripe/macgyver

We wrote up a bunch of notes on our experiences dealing with both the
SSH agent relay protocol and the permissioning scheme for
platformKeys. The latter definitely feels like it could use some work
before being broadly useful (and is part of the reason, e.g., we're
not publishing the agent to the web store yet).

Hopefully this is interesting to folks thinking about SSH on Chrome
generally. Definitely let us know if anything in the docs is unclear,
or if there are any other questions we could answer!

- Evan

Mark Stosberg

Oct 16, 2018, 3:42:03 PM
to chromium-hterm, ca...@stripe.com
Now that it is three years later, is it possible to start storing SSH private keys in the TPM on unmanaged Chromebooks?

Mike Frysinger

Oct 16, 2018, 9:59:13 PM
to ma...@rideamigos.com, chromium-hterm, ca...@stripe.com
what doesn't work with macgyver ?

managed status doesn't matter to how the TPM is exposed via the chrome.platformKeys API.
-mike


Mark Stosberg

Oct 17, 2018, 9:15:01 AM
to Mike Frysinger, chromium-hterm, ca...@stripe.com
On Tue, Oct 16, 2018 at 9:59 PM Mike Frysinger <vap...@chromium.org> wrote:
what doesn't work with macgyver ?

According to the Macgyver docs on Permissions:

It's only possible to access certificates that were generated using the chrome.enterprise.platformKeys API. In order to use MacGyver, this means that you must have an enterprise-enrolled Chromebook that uses an administrator-provisioned extension to generate and load certificates.


     Mark
--

Mark Stosberg

Director of Systems and Security | RideAmigos | 765-277-1916 | ma...@rideamigos.com
