Apps:SSH agent

From Trezor Wiki


Thanks to the great work by Roman Zeyde, Trezor firmware version 1.3.4 and higher supports the NIST P-256 elliptic curve. This addition does not affect Bitcoin at all, but it means you can now use Trezor for SSH login to your servers that support it (OpenSSH 5.7 or newer is needed).

What is OpenSSH?

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

Thanks to Trezor SSH Agent, administrators can now easily install this OpenSSH-compatible agent and enjoy passwordless and secure authentication to their servers.

Resources

Trezor User Manual

Setting up Trezor SSH Agent

In order to use this exciting feature, upgrade your Trezor firmware and follow these steps:

  1. install trezor agent on your client machine:

    $ sudo pip install trezor_agent

  2. generate public key using trezor-agent (enter scrambled PIN like you would in Trezor Wallet)

    $ trezor-agent [email protected]

  3. log in to your server as usual and copy the row containing the ecdsa magic from the previous step into the ~/.ssh/authorized_keys file on your server

  4. from now on you can log in to your server with your Trezor using the following command:

    $ trezor-agent -c [email protected]

Note #1: The generated keys depend on the [email protected] parameter, so no two servers/users share the same key.

Note #2: This method can also be used for git push or other mechanisms that are using SSH as their communication protocol:

    $ trezor-agent [email protected] git push