Anthony Ryan anthonyryan1

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

	#!/bin/bash

	# Based on: http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
	#
	# You should set up PublicKey authentication so that you don't have to type your
	# password for every cipher tested.

	set -o pipefail

	ciphers="$@"

	/**
	* The MIT License (MIT)
	*
	* Copyright (c) 2013 Thom Seddon
	* Copyright (c) 2010 Google
	*
	* Permission is hereby granted, free of charge, to any person obtaining a copy
	* of this software and associated documentation files (the "Software"), to deal
	* in the Software without restriction, including without limitation the rights
	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

	#!/bin/bash
	#
	# Watch current directory (recursively) for file changes, and execute
	# a command when a file or directory is created, modified or deleted.
	#
	# Written by: Senko Rasic <[email protected]>
	#
	# Requires Linux, bash and inotifywait (from inotify-tools package).
	#
	# To avoid executing the command multiple times when a sequence of