Apps:SSH agent

From Trezor Wiki

Thanks to the great work by Roman Zeyde, Trezor firmware (version 1.3.4 and higher) supports the NIST256P1 elliptic curve.

This addition does not affect your cryptocurrency funds at all, but it means you can now use Trezor for SSH login to your servers which support it (OpenSSH 5.7 or newer is needed).

What is OpenSSH?

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

Thanks to Trezor SSH Agent, administrators can now install this OpenSSH compatible agent easily and enjoy passwordless and secure authentication to their servers.

Resources

Setting up Trezor SSH Agent on Linux

This manual has been tested on Ubuntu 18.04 LTS.

Prerequisites

sudo apt-get install python3-pip libusb-1.0-0-dev libudev-dev

Setup

  1. Run:
pip3 install trezor_agent
  2. Create udev rules:
vi /etc/udev/rules.d/51-trezor.rules
  3. If your local bin folder ~/.local/bin has just been created, run the following command or log out and log back in to the system:
export PATH=$PATH:~/.local/bin/
  4. Generate a public key using trezor-agent (enter your PIN just like you would in Trezor Wallet).
$ trezor-agent [email protected]
  5. Log into your server as usual and copy the line containing the ecdsa key from the previous step's output into the ~/.ssh/authorized_keys file on your server.
  6. From now on, you can log in to your server with Trezor using the following command:
$ trezor-agent -c [email protected]


Note: The generated keys depend on the [email protected] parameter, so no two servers/users share the same key.



Note: This method can also be used for git push or other mechanisms that use SSH as their communication protocol:
$ trezor-agent [email protected] git push


Setting up Trezor SSH Agent on Windows

Thanks to the great work by Martin Lizner, it is possible to use SSH login with a Trezor device on computers running the Windows operating system.

For detailed information about Trezor SSH Agent see also this GitHub page.

Prerequisites

You will need Java installed to set up Trezor SSH Agent.

https://www.java.com/en/download/

Setup

1. Download Trezor SSH agent

https://github.com/martin-lizner/trezor-ssh-agent/releases/download/v1.0.3/TrezorSSHAgent.exe

2. Download and install a PuTTY version that supports ECDSA keys. Certified PuTTY versions: 0.67+, 0.66, 0.65.

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

3. Connect the Trezor device, run Trezor SSH agent, right-click on the Trezor SSH agent tray icon and select "Show Public Key", enter PIN/Passphrase.

4. Copy the public key and paste it at the end of the SSH authorized_keys file in the ~/.ssh/ directory. If the file doesn't exist yet, create it first and then paste the public key into it.

5. Start Putty with "Attempt authentication using Pageant" option selected (Connection->SSH->Auth).

6. Use Putty to connect to your favorite SSH server. Provide PIN/Passphrase if asked.

7. Confirm the identity sign operation on the device - "SSH login to: btc.rulez".
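
Both setups end with pasting a public key line into ~/.ssh/authorized_keys (the Linux step that copies the ecdsa line, and Windows step 4). The following added example, which is not part of trezor-agent or Trezor SSH Agent, checks that such a line is a well-formed NIST P-256 key (named ecdsa-sha2-nistp256 in OpenSSH) and returns its SHA256 fingerprint so it can be compared after pasting. It assumes a bare key line without authorized_keys options; the function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib
import struct

KEY_TYPE = b"ecdsa-sha2-nistp256"  # OpenSSH name for NIST P-256 (NIST256P1) keys
CURVE = b"nistp256"

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def check_pubkey_line(line):
    """Validate one bare authorized_keys line; return its SHA256 fingerprint."""
    fields = line.split()
    if len(fields) < 2 or fields[0].encode() != KEY_TYPE:
        raise ValueError("not an ecdsa-sha2-nistp256 key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = read_string(blob, 0)
    curve, pos = read_string(blob, pos)
    point, pos = read_string(blob, pos)
    # The type named inside the blob must agree with the text prefix.
    if key_type != KEY_TYPE or curve != CURVE:
        raise ValueError("key blob does not match the declared key type")
    if pos != len(blob):
        raise ValueError("trailing bytes after the public point")
    # Uncompressed point: 0x04 followed by 32-byte X and 32-byte Y.
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed P-256 point")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def ssh_string(data):
    """Encode bytes as an SSH wire-format string."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: correct framing, but the point bytes are filler, not a real key.
SAMPLE_BLOB = (ssh_string(KEY_TYPE) + ssh_string(CURVE)
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()
               + " constructed-sample")

if __name__ == "__main__":
    print(check_pubkey_line(SAMPLE_LINE))
```

The returned string uses the same SHA256 fingerprint format that ssh-keygen -lf prints, so the value computed from the agent's output can be compared with the one computed from the server's authorized_keys file.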