danog/tergent
1
0
Fork 0
mirror of https://github.com/danog/tergent.git synced 2024-11-26 12:04:49 +01:00
Code Issues Projects Releases Wiki Activity
3 Commits 2 Branches 4 Tags 97 KiB
Rust 100%
37fdccb39a
Go to file
Kaan Karaagacli 37fdccb39a
Add license file
2018-09-27 23:50:25 -07:00
src Initial commit 2018-09-24 22:58:10 -07:00
.gitignore Initial commit 2018-09-24 22:58:10 -07:00
Cargo.lock Initial commit 2018-09-24 22:58:10 -07:00
Cargo.toml Initial commit 2018-09-24 22:58:10 -07:00
LICENSE Add license file 2018-09-27 23:50:25 -07:00
README.md Add latest installation steps 2018-09-27 22:04:42 -07:00

README.md

tergent - termux ssh agent

An ssh-agent implementation for Termux that uses Android Keystore as its backend.

This application enables the use of keys securely stored in termux-api with ssh-agent protocol capable clients. These clients include the applications provided by openssh, such as ssh, scp, ssh-add and ssh-copy-id.

Tergent does not (and cannot) access your private keys as they are stored inside the secure hardware. In fact, they can never leave the chip even with root privileges, thanks to extraction preventation.
Cryptographic actions are performed by the hardware itself.

Compiling

Install Rust and Android NDK.
You will need to configure cargo with the correct locations for "ar" and "linker", you can follow this page up to and including the rustup target add ... command:
https://mozilla.github.io/firefox-browser-architecture/experiments/2017-09-21-rust-on-android.html
Then this project can be compiled with the command cargo build --target=aarch64-linux-android (or any other Android target).

Alternatively, you can download a debug build for ARM64 Android from the releases page.

Usage

  1. Make sure you have the latest version of Termux:API installed. Don't forget to install the scripts using the command pkg install termux-api.

  2. Generate a key using the command termux-keystore generate myAlias, where myAlias is the name you want to give to the key.

  • This command creates an RSA key - to create an ECDSA key, use the argument "-a EC": termux-keystore generate myAlias -a EC.
  • To specify a key size, use the argument "-s", e.g. termux-keystore generate myAlias -s 4096 or termux-keystore generate myAlias -a EC -s 521.

  1. Verify the key is generated by running the command termux-keystore list.

  2. Run tergent with this command: eval $(./tergent).

  3. Again list the keys to verify, but now using the standard ssh tool: ssh-add -l.

  4. Copy the public key to your server. For this, you have two options:

  • ssh-copy-id is the standard tool for this - invoke it by running ssh-copy-id example.com.
  • You can also use ssh-add -L (notice the uppercase L), and manually copy and append the output to the .ssh/authorized_keys file on your server.
  1. Connect to your server using the usual command ssh example.com.

You will need to run the command eval $(./tergent) every time you start up the terminal. This command can be included in .bash_profile (or a similar script) for convenience.

How do I...

  • list keys: run either ssh-add -l or termux-keystore list
  • create a new key: use termux-keystore generate
  • use a key: just run ssh
  • delete a key: use termux-keystore delete
  • import a key: not supported, generate a new key instead