This addition does not affect your cryptocurrency funds at all, but it means you can now use Trezor for SSH login to any of your servers which support it (OpenSSH 5.7 or newer is needed).
What is OpenSSH?
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides an extensive suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
Thanks to Trezor SSH Agent, administrators can now install this OpenSSH compatible agent easily and enjoy password-less and secure authentication to their servers.
Setting up Trezor SSH Agent on Linux
This manual has been tested on Ubuntu 18.04 LTS.
sudo apt-get install python3-pip libusb-1.0-0-dev libudev-dev
pip3 install trezor_agent
- Create udev rules:
- Copy & paste the content of https://github.com/trezor/trezor-common/blob/master/udev/51-trezor.rules.
- Save the file.
- Generate public key using trezor-agent (enter your PIN just like you would in Trezor Wallet).
$ trezor-agent [email protected]
- Log into your server as usual and copy the row containing the ecdsa magic from the previous step into ~/.ssh/authorized_keys file on your server
- From now on, you can log in to your server using trezor using the following command:
$ trezor-agent -c [email protected]
$ trezor-agent [email protected] git push
Setting up Trezor SSH Agent on Windows
Thanks to the great work by Martin Lizner, it is possible to use SSH login with a Trezor device on computers with a Windows operating system.
For detailed information about Trezor SSH Agent, see also this GitHub page.
You will need Java installed to set up Trezor SSH Agent.
1. Download the Trezor SSH agent
2. Download and install Putty, a version that supports ECDSA keys. Certified Putty versions: 0.67+, 0.66, 0.65.
4. Copy the public key and paste it at the end of the ssh authorized_keys file in ~/.ssh/ directory. If that file does not exist yet, create it first and then copy and paste the public key.
5. Start Putty with the "Attempt authentication using Pageant" option selected (Connection->SSH->Auth).
6. Use Putty to connect to your favorite SSH server. Provide PIN/Passphrase if asked.
7. Confirm the identity sign operation on the device - "SSH login to: btc.rulez".