lastpass-ssh - SSH key management with LastPass

  •        14

This repository has a tool called lastpass-ssh which integrates LastPass with SSH. You store your SSH key passphrases in LastPass, and SSH key files somewhere else. To start using SSH, you type lastpass-ssh and it will unlock all SSH keys with appropriate passphrases taken from LastPass. You make yourself an "SSH" subfolder in the LastPass' "Secure Notes" and add secure notes there. Each note has a name and a passphrase. The name corresponds to the filename of the SSH key file, and the passphrase is its key's passphrase.

https://github.com/wkoszek/lastpass-ssh

Tags
Implementation
License
Platform

   




Related Projects

trezor-agent - Hardware-based SSH/PGP agent

  •    Python

This project allows you to use various hardware security devices to operate GPG and SSH. Instead of keeping your key on your computer and decrypting it with a passphrase when you want to use it, the key is generated and stored on the device and never reaches your computer. Read more about the design here. You can do things like sign your emails, git commits, and software packages, manage your passwords (with pass and gopass, among others), authenticate web tunnels and file transfers, and more.

skm - A simple and powerful SSH keys manager

  •    Go

Download it from releases and extact it to /usr/bin or your PATH directory. So, where are my SSH keys? SKM will create SSH key store at $HOME/.skm and put all the SSH keys in it.

KeyBox - Web-based SSH console that centrally manages administrative access to systems

  •    Java

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

SSH.NET - SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

  •    CSharp

SSH.NET is a Secure Shell (SSH-2) library for .NET, optimized for parallelism.This project was inspired by Sharp.SSH library which was ported from java and it seems like was not supported for quite some time. This library is a complete rewrite, without any third party dependencies, using parallelism to achieve the best performance possible.


geofront - Simple SSH key management service

  •    Python

Geofront is a simple SSH key management server. It helps to maintain servers to SSH, and authorized_keys list for them. Read the docs for more details.

pam_ssh

  •    C

This module provides single sign-on behavior. The user types a passphrase when logging in and is allowed in if it decrypts the user's SSH private key. An ssh-agent is started and keys are added. For the entire session, the user types no more passwords.

ssh-chat - Chat over SSH.

  •    Go

Custom SSH server written in Go. Instead of a shell, you get a chat prompt.The server's RSA key fingerprint is MD5:e5:d5:d1:75:90:38:42:f6:c7:03:d7:d0:56:7d:6a:db or SHA256:HQDLlZsXL3t0lV5CHM0OXeZ5O6PcfHuzkS8cRbbTLBI. If you see something different, you might be MITM'd.

awesome-ssh - :computer: A curated list of SSH resources.

  •    

A curated list of SSH apps, libraries and resources. Inspired by the awesome list thing.

ssh-mitm - SSH man-in-the-middle tool

  •    Shell

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the victim's SSH client will complain that the server's key has changed. But because 99.99999% of the time this is caused by a legitimate action (OS re-install, configuration change, etc), many/most users will disregard the warning and continue on.

ssh-cert-authority - An implementation of an SSH certificate authority.

  •    Go

A democratic SSH certificate authority. Operators of ssh-cert-authority want to use SSH certificates to provide fine-grained access control to servers they operate, keep their certificate signing key a secret and not need to be required to get involved to actually sign certificates. A tall order.

kr - A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.

  •    Go

kr enables SSH to authenticate with a key stored in a Krypton (iOS or Android) mobile app. kr runs as an SSH agent, called krd. When a Krypton private key operation is needed for authentication, krd routes this request to the paired mobile phone, where the user decides whether to allow the operation or not. The private key never leaves the phone. kr currently supports MacOS (10.10+) and Linux (Debian, RHEL, CentOS, Fedora with systemd).

whosthere - A ssh server that knows who you are. $ ssh whoami.filippo.io

  •    Go

A ssh server that knows who you are.When it tries to authenticate via public key, ssh sends the server all your public keys, one by one, until the server accepts one. One can take advantage of this to enumerate all the client's installed public keys.

ssh-badkeys - A collection of static SSH keys (public and private) that have made their way into software and hardware products

  •    

This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products. This was inspired by the Little Black Box project, but focused primarily on SSH (as opposed to TLS) keys. Keys are split into two categories; authorized keys and host keys. The authorized keys can be used to gain access to a device with this public key. The host keys can be used to conduct a MITM attack against the device, but do not provide direct access.

OpenSSH - Keep your communication secret

  •    C

OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Apache SSHD - Java library to support the SSH protocols on both the client and server side.

  •    Java

Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. This library is based on Apache MINA, a scalable and high performance asynchronous IO library. SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java based applications requiring SSH support.

GoSSHa - Go SSH agent: can execute commands at thousands of servers and upload files to them

  •    Go

Ssh client that supports command execution and file upload on multiple servers (designed to handle thousands of parallel SSH connections). GoSSHa supports SSH authentication using private keys (encrypted keys are supported using external call to ssh-keygen) and ssh-agent, implemented using go.crypto/ssh. GoSSHa is not designed to be used directly by end users, but rather serve as a lightweight proxy between your application (GUI or CLI) and thousands of SSH connections to remote servers.

meterssh - MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection

  •    Python

MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpeter in this case) by the shellcode over SSH back to the attackers machine. Then connecting with meterpreter's listener to localhost will communicate through the SSH proxy, to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network. There are two files, monitor.py and meterssh.py.

ansible-ssh-hardening - This Ansible role provides numerous security-related ssh configurations, providing all-round base protection

  •    Ruby

This role provides secure ssh-client and ssh-server configurations. It is intended to be compliant with the DevSec SSH Baseline. Warning: This role disables root-login on the target server! Please make sure you have another user with su or sudo permissions that can login into the server.