Is SSH agent secure?
The SSH agent keeps private keys safe because of what it doesn’t do: It doesn’t write any key material to disk. It doesn’t allow your private keys to be exported.
What is ssh-agent used for?
The ssh-agent provides a secure way of storing the passphrase of the private key. One advantage and common use of the agent is to use the key forwarding. Key forwarding allows you to open ssh sessions without having to type (again) your passphrase.
Is ssh-agent per user?
ssh directory exists. That you only want one ssh-agent socket per user on the system.
Can a SSH key be used as an OTP?
At the moment you either login with SSH key or with OTP. Let’s change this now, that you can use SSH key and OTP. The current OpenSSH comes with the options AuthenticationMethods. This is used to concatenate required authentication methods.
Can a vault server create a one time SSH password?
Vault can create a one-time password (OTP) for SSH authentication on a network every time a client wants to SSH into a remote host using a helper command on the remote host to perform verification. An authenticated client requests an OTP from the Vault server.
Why do I need a SSH key for OpenSSH?
The current OpenSSH comes with the options AuthenticationMethods. This is used to concatenate required authentication methods. See the man page of sshd_config for more details. This means that SSH will require that you pass a trusted SSH key and after this ask you for a password (PIN+OTP), which will be verified by privacyIDEA.
What are the authentication factors for SSH key?
Thus you have the following authentication factors: SSH Key (soft possession factor – copyable!) optional passphrase on the SSH Key, which is not controlled by the server! ( knowledge) OTP token supported by privacyIDEA like Google Authenticator or preferable a Yubikey (hard possession factor – not copyable)