Show HN: Sshield, a secure(r) SSH agent written in Rust
2 by gotlou | 0 comments on Hacker News.
sshield is a drop-in SSH agent replacement written in Rust which stores keys in an encrypted SQLite database instead of in ~/.ssh. I opted to use russh, which is a Rust implementation of the SSH protocol and ssh-agent for greater memory safety. It allows importing settings and keys from OpenSSH as well as creating, updating, showing and deleting keys. Whenever a program requests using the key for signing, a prompt is displayed to the user for confirmation. This way: 1. Your keys don't get leaked (unless the server process' memory is dumped, but that requires root on *nix systems) 2. Your keys don't get misused and inadvertedly sign something malicious. It is still a work in progress, but I've been able to switch with fairly minor inconveniences that are just the result of not having it globally installed. The repo will soon have a Nix overlay or package output with all the right settings enabled for daily production usage. Other planned features include using one of the Linux sandboxing APIs, like Landlock or seccomp to further lock down server process to reduce the chance of an RCE being triggered and a way to store the database on different cloud storage mediums so you can use their ACLs to further lock down access to the database and back up keys simultaneously.
2 by gotlou | 0 comments on Hacker News.
sshield is a drop-in SSH agent replacement written in Rust which stores keys in an encrypted SQLite database instead of in ~/.ssh. I opted to use russh, which is a Rust implementation of the SSH protocol and ssh-agent for greater memory safety. It allows importing settings and keys from OpenSSH as well as creating, updating, showing and deleting keys. Whenever a program requests using the key for signing, a prompt is displayed to the user for confirmation. This way: 1. Your keys don't get leaked (unless the server process' memory is dumped, but that requires root on *nix systems) 2. Your keys don't get misused and inadvertedly sign something malicious. It is still a work in progress, but I've been able to switch with fairly minor inconveniences that are just the result of not having it globally installed. The repo will soon have a Nix overlay or package output with all the right settings enabled for daily production usage. Other planned features include using one of the Linux sandboxing APIs, like Landlock or seccomp to further lock down server process to reduce the chance of an RCE being triggered and a way to store the database on different cloud storage mediums so you can use their ACLs to further lock down access to the database and back up keys simultaneously.