You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2021/11/03 21:33:00 UTC

[jira] [Created] (SSHD-1221) Support key constraints when adding a key to an SSH agent

Thomas Wolf created SSHD-1221:
---------------------------------

             Summary: Support key constraints when adding a key to an SSH agent
                 Key: SSHD-1221
                 URL: https://issues.apache.org/jira/browse/SSHD-1221
             Project: MINA SSHD
          Issue Type: Improvement
    Affects Versions: 2.7.0
            Reporter: Thomas Wolf
            Assignee: Thomas Wolf


This is needed for OpenSSH compatibility. [OpenSSH|https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent-04#section-4.2.6] documents three constraints:
 * confirm - the agent prompts the user before each key use of a key added with this option.
 * lifetime - in seconds; the agent automatically removes the key when the time expires.
 * generic extensions, of which there is one:
 ** sk-provider - path to a middleware library needed for FIDO keys

 The [IETF draft|https://datatracker.ietf.org/doc/html/draft-ietf-secsh-agent-02#section-1.4.2] also has constraints for keys being added, but of course those are different, and their draft looks incomplete in those sections.

Apache MINA sshd should provide interfaces that enable users to implement adding keys to an agent with arbitrary constraints, and should provide a default implementation compatible with OpenSSH.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org