SSH agent for the OnlyKey.
SSH is a popular remote access tool that is often used by administrators. Thanks to the OnlyKey SSH Agent remote access can be passwordless and more secure.
SSH Agent Quickstart Guide
1) After installing prerequisites, install OnlyKey agent on your client machine:
$ sudo pip2 install onlykey onlykey-agent
2) Generate your First SSH Key on the OnlyKey Plug and unlock your OnlyKey and then run:
$ onlykey-agent [email protected]
Where user is your usual SSH user and host the host you want to connect to.
3) You now have the SSH public key for the user and the host you previously selected.
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFwsFGFI7px8toa38FVeBIKcYdBvWzYXAiVcbB2d1o3zEsRB6Lm/ZuCzQjaLwQdcpT1aF8tycqt4K6AGI1o+qFk= [email protected]
Cut and paste the whole string into your server ~/.ssh/authorized_keys file, you’re now ready to use SSH with your newly generated key.
4) From now on you can log in to your server using OnlyKey using the following command:
$ onlykey-agent -c [email protected]
You will be prompted for a challenge code, type this on your OnlyKey to complete log in.
Note: This method can also be used for git push or other mechanisms that are using SSH as their communication protocol:
$ onlykey-agent [email protected] git push
Windows Install with dependencies
Currently Windows is not supported directly but may be used with Windows Subsystem for Linux (WSL). Follow the WSL guide here to set this up. This essentially installs Linux on Windows, for example you can install Ubuntu Linux on Windows and then follow the instructions below “Ubuntu Install with dependencies”.
MacOS Install with dependencies
Python 2.7 and pip are required. To setup a Python environment on MacOS we recommend Anaconda https://www.anaconda.com/download/#macos
$ pip2 install onlykey onlykey-agent
Ubuntu Install with dependencies
$ apt update && apt upgrade $ apt install python-pip python-dev libusb-1.0-0-dev libudev-dev $ pip install onlykey $ pip install onlykey-agent
Debian Install with dependencies
$ apt update && apt upgrade $ apt install python-pip python-dev libusb-1.0-0-dev libudev-dev $ pip install onlykey onlykey-agent
Fedora/RedHat/CentOS Install with dependencies
$ yum update $ yum install python-pip python-devel libusb-devel libudev-devel \ gcc redhat-rpm-config $ pip install onlykey onlykey-agent
OpenSUSE Install with dependencies
$ zypper install python-pip python-devel libusb-1_0-devel libudev-devel $ pip install onlykey onlykey-agent
Linux UDEV Rule
In order for non-root users in Linux to be able to communicate with OnlyKey a udev rule must be created as described here.
Keys are generated unique for each user / host combination. By default OnlyKey agent uses NIST P256 but also supports ED25519 keys. ED25519 can be used as follows:
1) Generate ED25519 public key using onlykey-agent
$ onlykey-agent [email protected] -e ed25519
2) Log in using ED25519 public key
$ onlykey-agent -c [email protected] -e ed25519
You can also just type
-e e instead of typing out the full
The project started from a fork trezor-agent (thanks!).