Trusted Key Secure SSH

The Trusted Key SSH Agent is an open source tool for managing an SSH Key together with the Trusted Key Digital Identity Wallet App. The SSH Key can be used with any existing OpenSSH environment, including management of Linux-based servers or Git environments with services such as GitHub or Bitbucket. The Trusted Key SSH Agent is software installed on your local machine, with support for a wide range of environments and OSs.

When the user attempts to use their SSH key to access a server or use a Git service, the agent makes a request to the Trusted Key App on their mobile device. The user logs into the Trusted Key App using a 6-digit passcode or biometrics, reviews the request, and approves it. Upon approval, the Trusted Key Agent on the local machine grants the user's SSH request.

The Trusted Key SSH Agent provides advantages for a wide range of SSH users, who can be broadly grouped into 3 categories:


User Benefits


Users who use unencrypted keys stored on their local drive:

Obviously, this practice carries a great deal of risk. The Trusted Key SSH Agent allows these users to employ best-practice SSH security in an easy-to-use way.

Users who use passphrase-encrypted SSH keys stored on their local drive:

Password security typically has security holes and can be troublesome to manage. The Trusted Key SSH Agent offers better security in a hassle-free way.

Security-conscious users who store SSH keys on encrypted USB fobs:

The Trusted Key SSH App offers equivalent levels of security with greater convenience. No more getting to the office and finding out you forgot your USB drive at home.

The Trusted Key Secure SSH Solution is made up of three components:

Trusted Key App: The Trusted Key Mobile App provides the SSH Key and is used to control SSH authorizations.

Trusted Key Agent: The Trusted Key Agent is installed on the user's local machine. The Agent manages the Trusted Key Secure SSH Keys on the local machine together with the Trusted Key App.

Trusted Key Authkeys (Optional): Trusted Key Authkeys is an optional tool for installation on a server managed with the Trusted Key Secure SSH Key. When a user gets a new phone and recovers their Trusted Key App, the associated SSH key will change. By referring to the Trusted Key Blockchain network, the Authkeys tool can automatically provide authorization for the new key, eliminating the need to set up a new key in the server keystore.

Installation and Use of Secure SSH Key Management

Trusted Key Digital Identity Wallet

Mobile App for Android and iOS to generate the SSH key and manage authorization of the key
Apple iOS
Apple Download
Android
Android Download


Trusted Key SSH Agent

Easily add the Trusted Key Secure SSH Agent to your local machine using the builds below, or build from source:
Debian / Ubuntu
Auth0 Repository
Redhat / Fedora
OpenID Connect Repository
NixOS
Drupal Repository
Source
WordPress Repository
MacOSX / HomeBrew
JS Repository
Win10 / WSL(Ubuntu)
OpenID Connect Repository


Trusted Key SSH Authkeys

These are optional libraries that can be installed on OpenSSH servers being accessed with a Trusted Key App SSH Key. The Authkeys library references the Trusted Key Network to allow users to recover their Trusted Key App on a new device and continue to access servers without the need to update their SSH Key.
Debian / Ubuntu
Auth0 Repository
Redhat / Fedora
OpenID Connect Repository
NixOS
Drupal Repository

FAQ

How is the Trusted Key SSH Key generated?

The Trusted Key Digital Identity Wallet is based on the Ethereum blockchain and as such has its own public key. This key is hardware generated from the Secure Module (TPM) in your phone, such as Apple Secure Enclave or ARM TrustZone. For the purpose of SSH, we take the Ethereum public key and change the formatting so it is OpenSSH compliant.

What happens if I get a new phone?

The Trusted Key App has a set of backup and recovery features. However, in the event of installing a new Trusted Key App, your SSH Key will change and you will need to register your new key with your associated services. Trusted Key is working on a server-side application that will allow users to continue to use their recovered Trusted Key App without the need to change SSH Keys.

How secure is the Trusted Key App against hackers if my phone is stolen?

Your Trusted Key App is protected by a 6-digit passcode or your biometric, such as TouchID. The information within the App, such as your private keys, is hardware encrypted in the phone's TPM, such as Apple Secure Enclave or ARM TrustZone. So, in short, it is very, very difficult for hackers to access the Trusted Key App.

How much does it cost?

Nothing. The Trusted Key SSH Agent is open source and free. The Trusted Key App is available for free on the iOS and Android stores.