The Trusted Key SSH Agent is an open source tool for managing
an SSH Key together with the Trusted Key Digital Identity Wallet App. The SSH Key can be
used with any existing OpenSSH environment including management of Linux-based servers, or
managing Git environments with services such as GitHub or Bitbucket. The Trusted Key SSH
Agent is a piece of software that is installed on your local machine with support for a wide
range of environments and OSs. When the user attempts to use their SSH key to access a
server or use a Git service, the agent will make a request to the Trusted Key App on their
mobile device. The user will log into the Trusted Key App using a 6-digit passcode or
biometrics, review the request, and approve it. Upon approval the Trusted Key Agent on the
local machine will grant the user's SSH request. The Trusted Key SSH Agent provides advantages
for a wide range of SSH users, who can be broadly grouped into 3 categories:
Users who use unencrypted keys stored on their local drive:
Obviously this practice carries a great deal of risk. The Trusted Key SSH Agent will allow
these users to employ best practice SSH security in an easy-to-use way.
Users who use passphrase encrypted SSH keys stored on their local drive:
Password security typically has security holes and can be troublesome to manage. The Trusted
Key SSH Agent offers better security in a hassle-free way.
Security-conscious users who store SSH keys on encrypted USB FOBs:
The Trusted Key SSH App offers equivalent levels of security with greater convenience. No more
getting to the office and finding out you forgot your USB drive at home.
The Trusted Key Secure SSH Solution is made up of three
Trusted Key App: The Trusted Key Mobile App provides the SSH
Key and is used to control SSH authorizations
Trusted Key Agent: The Trusted Key Agent is installed on the
user's local machine. The Agent manages the Trusted Key Secure SSH Keys on the local machine together
with the Trusted Key App
Trusted Key Authkeys (Optional): The Trusted Key Authkeys is an
optional tool for installation on a server managed by the Trusted Key Secure SSH Key. When a user
gets a new phone and recovers their Trusted Key App, the associated SSH key will change. The AuthKey
tool, by referring to the Trusted Key Blockchain network, can automatically provide authorization for
the new key, eliminating the need to set up a new key in the server keystore
Installation and Use of Secure SSH Key Management
Trusted Key Digital Identity Wallet
Mobile App for Android and iOS to generate SSH key and manage authorization of key
These are optional libraries that can be installed on OpenSSH servers being accessed by a Trusted Key
App SSH Key. The Authkeys library references the Trusted Key Network to allow users to recover their
Trusted Key App on a new device and continue to access servers without the need to update their SSH
The Trusted Key Digital Identity Wallet is based on the
Ethereum blockchain and as such has its own public key. This key is hardware-generated by
the Secure Module (TPM) in your phone, such as Apple Secure Enclave or ARM TrustZone. For the
purpose of SSH we take the Ethereum public key and change the formatting so it is OpenSSH
What happens if I get a new phone?
The Trusted Key App has a set of backup and recovery
features. However, in the event of installing a new Trusted Key App, your SSH Key will change
and you will need to register your new key with your associated services. Trusted Key is
working on a server side application that will allow users to continue to use their
recovered Trusted Key App without the need to change SSH Keys.
How secure is the Trusted Key App against hackers if my
phone is stolen?
Your Trusted Key App is protected by a 6-digit passcode
or your biometric such as TouchID. The information within the App, such as your private keys,
is hardware-encrypted in the phone’s TPM, such as Apple Secure Enclave or ARM TrustZone. So
in short, it is very, very difficult for hackers to access the Trusted Key App.
How much does it cost?
Nothing. The Trusted Key SSH Agent is open source and
free. The Trusted Key App is available for free on the iOS and Android stores.