pivy
Tools for using PIV tokens (like Yubikeys) as an SSH agent, for encrypting data at rest, and more
When at the PIN prompt, neither Ctrl-C nor Ctrl-D will exit the program. You have to enter a PIN of some kind, or go and kill the program from another...
```
$ pivy-tool setup --help
pivy-tool: invalid option -- '-'
pivy-tool: invalid option -- 'h'
pivy-tool: invalid option -- 'e'
pivy-tool: invalid option -- 'l'
Initializing CCC and CHUID files......
```
Without a Yubikey connected, and without an SSH agent available, the program exits rather than entering the recovery menu:
```
$ pivy-box stream decrypt some.ebox >some.plain.txt
pivy-box: 'stream decrypt' command...
```
PAM builds, ZFS.. [unfortunately libzfs is kind of a mess](https://forums.freebsd.org/threads/userland-c-program-using-zfs.73756/) :/
"YubiKey" is written with a capital K, see https://www.yubico.com/
I updated my pivy installation from the `arekinath/pivy` fork for the first time in a while. After running `make distclean` followed by `make`, `pivy-tool` et al. were working, but `pivy-agent`...
Is it possible to have the agent support multiple keys with different guids? I have 2 yubikeys with the same certificate loaded in both and like to be able to...
PIV tokens can be configured to only require the PIN once in a session. Assuming pivy-agent keeps the PIV session open, it doesn't need to keep the PIN in memory...
It's unfortunate that one needs to remember to provide the PIN with `ssh-add -X` at every reboot. If ssh-askpass is available, pivy-agent could use it to obtain the PIN from...