-
-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Destination constraints #42
Comments
Hi @noonien, thanks for the suggestion. If this feature is only implemented by OpenSSH starting from version 8.9, I think there is a more flexible way to enable the destination constraints via the https://github.com/TimothyYe/skm#hook-mechanism You may put the |
When connecting to a ssh server, by default, all available public keys are sent for it to choose one for authentication.
This is a problem because any server you connect to now has a list of all your public keys.
While this is not really a security issue for authentication, it allows servers to identify you if they have, for example, your github ssh key, or check other servers if they accept your public key (see, for example, https://github.com/benjojo/ssh-key-confirmer).
OpenSSH 8.9 implemented detstination constraints, this allows
ssh-agent
to forwards public keys based on the destination server. The destination constraints can be added via the-h
flag tossh-add
.It would be cool for skm to either support adding destination constraints for keys, or to add keys with destination constraints to .ssh/config
The text was updated successfully, but these errors were encountered: