diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -35,12 +35,17 @@ confirmation You can use the `--*-confirmed` options (e.g.`--comment-confirmed`) to add keys for which you want to be asked on each use through the filter. The confirmation is done in the same way as when you `ssh-add -c` a key to your `ssh-agent`, but the question will contain some additional information extracted from the sign request. +These types of sign requests are dissected: +* ssh connections +* authentications with `libpam-ssh-agent-auth` +* ssh certificates + how it works ------------ -ssh-agent-filter provides a socket interface identical to that of a normal ssh-agent. -We don't keep private key material, but delegate requests to the upstream ssh-agent after checking if the key is allowed. +`ssh-agent-filter` provides a socket interface identical to that of a normal `ssh-agent`. +We don't keep private key material, but delegate requests to the upstream `ssh-agent` after checking if the key is allowed. The following requests are implemented: * `SSH2_AGENTC_REQUEST_IDENTITIES`: @@ -58,3 +63,15 @@ The following requests are implemented: * success is returned without doing anything Requests to add or remove keys and to (un)lock the agent are refused + + +threat model +------------ + +We assume trusted: +* the user invoking our software +* the upstream ssh-agent +* the user giving or declining confirmation + +We assume untrusted: +* any connection from clients on our listening socket |