TKey ssh-agent
Description
The ssh-agent for TKey can be used for SSH Public Key Authentication, which is a more secure and cryptographically stronger method to authenticate against SSH servers compared to using passwords.
Here you will learn how to install tkey-ssh-agent and generate a public SSH key.
Installation and usage
Linux
Installing tkey-ssh-agent
We provide an officially supported tkey-ssh-agent deb package for the Ubuntu distribution. If you run another Linux distribution, you may download the tkey-ssh-agent source code from our GitHub repository, compile and install it, and then proceed to the heading Generating a public SSH key.
- Open a terminal in Ubuntu. You will enter all the commands in the terminal.
- Download tkey-ssh-agent.
wget https://github.com/tillitis/tillitis-key1-apps/releases/download/v0.0.6/tkey-ssh-agent_0.0.6-1_amd64.deb
- Install tkey-ssh-agent.
sudo dpkg -i tkey-ssh-agent_0.0.6-1_amd64.deb
Generating a public SSH key
- Insert your TKey in your device.
- Enable and start the systemd user service from your terminal.
systemctl --user enable --now tkey-ssh-agent
- Make the SSH_AUTH_SOCK environment variable point to tkey-ssh-agent.
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/tkey-ssh-agent/sock
- Verify SSH_AUTH_SOCK is similar to: /run/user/999/tkey-ssh-agent/sock.
echo $SSH_AUTH_SOCK
- List your TKey’s public SSH key. This loads the required TKey device app, if not already loaded, and prompts you to input a User-Supplied Secret. The status indicator on your TKey shall become blue.
ssh-add -L
- Go to tillitis.se/getstarted and, in the table, click the application or protocol for which you want to use tkey-ssh-agent and follow the instructions.
For more information and configuration examples for SSH, see the manual page.
man tkey-ssh-agent
macOS
Installing tkey-ssh-agent
We distribute our officially supported tkey-ssh-agent package for macOS through Homebrew, so make sure Homebrew is installed before proceeding.
- Open a terminal in macOS. You will enter all the commands in the terminal.
- Install tkey-ssh-agent.
brew install tkey-ssh-agent
Generating a public SSH key
- Insert your TKey in your device.
- Enable and start the system service from your terminal.
brew services restart tkey-ssh-agent
- Make the SSH_AUTH_SOCK environment variable point to tkey-ssh-agent.
export SSH_AUTH_SOCK="$HOMEBREW_PREFIX/var/run/tkey-ssh-agent.sock"
- Verify SSH_AUTH_SOCK is similar to: /opt/homebrew/var/run/tkey-ssh-agent.sock.
echo $SSH_AUTH_SOCK
- List your TKey’s public SSH key. This loads the required TKey device app, if not already loaded, and prompts you to input a User-Supplied Secret. The status indicator on your TKey shall become blue.
ssh-add -L
- Go to tillitis.se/getstarted and, in the table, click the application or protocol for which you want to use tkey-ssh-agent and follow the instructions.
For more information and configuration examples for SSH, see the manual page.
man tkey-ssh-agent
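The "Verify SSH_AUTH_SOCK" and "List your TKey's public SSH key" steps in the Linux and macOS sections above can be scripted. The following is an added example, not code from Tillitis or the tkey-ssh-agent project; the function names are hypothetical, and it assumes the agent exposes exactly one key.

```bash
#!/usr/bin/env bash
# Added example (not part of tkey-ssh-agent). Function names are hypothetical.
# Usage, Linux:  tkey_verify "$XDG_RUNTIME_DIR/tkey-ssh-agent/sock"
# Usage, macOS:  tkey_verify "$HOMEBREW_PREFIX/var/run/tkey-ssh-agent.sock"

# Succeed only if SSH_AUTH_SOCK is exactly the expected path, that path is a
# Unix socket, and the socket is owned by the current user.
tkey_check_sock() {
    expected=$1
    [ -n "${SSH_AUTH_SOCK:-}" ] || {
        echo "SSH_AUTH_SOCK is not set" >&2; return 1; }
    [ "$SSH_AUTH_SOCK" = "$expected" ] || {
        echo "SSH_AUTH_SOCK is $SSH_AUTH_SOCK, expected $expected" >&2; return 2; }
    [ -S "$SSH_AUTH_SOCK" ] || {
        echo "$SSH_AUTH_SOCK is not a socket; is the agent running?" >&2; return 3; }
    [ -O "$SSH_AUTH_SOCK" ] || {
        echo "$SSH_AUTH_SOCK is not owned by the current user" >&2; return 4; }
}

# Read `ssh-add -L` output on stdin. Succeed only if it contains exactly one
# public key line, and print "<key type> <comment>" for that key.
# Assumption: the agent exposes a single identity (the TKey's).
tkey_single_key() {
    awk '
        NF >= 2 && $1 ~ /^(ssh|ecdsa|sk)-/ { n++; type = $1; comment = $3 }
        END { if (n != 1) exit 1; print type, comment }
    '
}

# Full check: validate the socket first, then ask the agent for its key.
# ssh-add -L may prompt for the User-Supplied Secret, as described above.
tkey_verify() {
    tkey_check_sock "$1" || return
    ssh-add -L | tkey_single_key
}
```

A non-zero return from tkey_verify means SSH in this shell would not be talking to the TKey agent, for example because SSH_AUTH_SOCK still points at another agent.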
Windows
Installing tkey-ssh-agent
We distribute our officially supported tkey-ssh-agent package for Windows through Winget, so make sure Winget and PowerShell are installed before proceeding.
If you prefer not to use PowerShell and Winget, you may download the tkey-ssh-agent msi package from our GitHub repository, install it, and then proceed to the heading Generating a public SSH key.
- Open PowerShell in Windows. You will enter all the commands in PowerShell.
- Install tkey-ssh-agent.
winget install tkey-ssh-agent
- Install Gpg4win.
(By default, TKey SSH Agent uses a pinentry tool from Gpg4win for requesting a User-Supplied Secret.)
winget install gpg4win
Generating a public SSH key
- Insert your TKey in your device.
- Start TKey SSH Agent from the Windows Start menu. This shortcut launches tkey-ssh-agent-tray which runs tkey-ssh-agent with flags that set our default pipe name (which is needed later), and enables entering of a User-Supplied Secret.
To make tkey-ssh-agent run automatically on startup, you can copy its shortcut to your “Startup” folder, as described in this article.
- Make the SSH_AUTH_SOCK environment variable point to tkey-ssh-agent.
$env:SSH_AUTH_SOCK = '\\.\pipe\tkey-ssh-agent'
SSH commands run in this PowerShell instance inherit the environment variable and connect to tkey-ssh-agent for operations, as do other commands that run SSH, such as git and code (Visual Studio Code).
To learn about how to set an environment variable persistently, for future PowerShell instances, and other programs started from Windows, see this article.
- List your TKey’s public SSH key. This loads the required TKey device app, if not already loaded, and prompts you to input a User-Supplied Secret. The status indicator on your TKey shall become blue.
ssh-add -L
- If you are using Git, you can install Git-for-Windows which is commonly used together with SSH agents and Visual Studio Code.
winget install git.git
- From the Windows Start menu, go to “Settings → Apps & features → Optional features” and add the “OpenSSH Client” feature.
Note: The use of SSH requires that the OpenSSH Client feature is enabled and the commands ssh and ssh-add are available in PowerShell.
- If you want Git-for-Windows to use Windows OpenSSH Client instead of the default bundled SSH client, change the configuration.
$sshpath = (get-command ssh.exe).path -replace '\\','/'
git config --global core.sshCommand $sshpath
git config --global --get core.sshCommand
- Verify the command output is similar to C:/Windows/System32/OpenSSH/ssh.exe.
- Go to tillitis.se/getstarted and, in the table, click the application or protocol for which you want to use tkey-ssh-agent and follow the instructions.