Releases: Foxboron/ssh-tpm-agent

v0.8.0

26 Mar 21:47, commit 1a96091. The tag and commit were signed with the committer's verified signature (Foxboron, Morten Linderud; GPG key ID 9C02FF419FECBE16).

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

⚠️ Breaking Changes ⚠️

ssh-tpm-agent no longer uses SSH_AUTH_SOCK as the default socket environment
variable. Since ssh-tpm-agent supports proxying and is intended to run
alongside an existing ssh-agent, claiming that variable does not make much
sense anymore.

Instead, SSH_TPM_AUTH_SOCK is the new standard environment variable.

agent: Don't overwrite SSH_AUTH_SOCK socket

Changes

Support for rsa-sha2-512

Previously ssh-tpm-agent did not support sha512. This is annoying, as in many
cases ssh will opt for sha512 when dealing with RSA keys. As most TPMs do not
support SHA512, a hack was implemented using the raw TPM2_Decrypt call to
implement support for other hash algorithms.

See the upstream go-tpm-keyfiles project commit:
tpm: support RSA signing with SHA512

As a bonus:
ssh-keygen -Y sign did not support setting the hashalg with -O. I sent a
patch to fix that, so you can use RSA keys with SHA256 for signatures if
needed.
upstream: when using RSA keys to sign messages, select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx").
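As an added example (not code from the ssh-tpm-agent or go-tpm-keyfiles projects), this Go program shows the mechanism the note describes: when the TPM cannot hash with SHA-512, the PKCS#1 v1.5 DigestInfo block for SHA-512 is built in software and only the raw RSA private operation is applied, which is what the TPM's RSA decrypt command (TPM2_RSA_Decrypt) does when given a null scheme. A software rsa.PrivateKey and math/big stand in for the TPM-resident key; the output verifies as an ordinary rsa-sha2-512 signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// DER-encoded DigestInfo prefix for SHA-512 (RFC 8017, section 9.2, note 1).
var sha512DigestInfoPrefix = []byte{
	0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40,
}

// emsaPKCS1v15 builds the k-byte EMSA-PKCS1-v1_5 block 00 01 FF..FF 00 || DigestInfo in software.
func emsaPKCS1v15(digest []byte, k int) ([]byte, error) {
	t := append(append([]byte{}, sha512DigestInfoPrefix...), digest...)
	if k < len(t)+11 { // RFC 8017 requires at least 8 bytes of 0xFF padding
		return nil, fmt.Errorf("modulus of %d bytes too short for a SHA-512 PKCS#1 v1.5 block", k)
	}
	em := make([]byte, k)
	em[1] = 0x01
	for i := 2; i < k-len(t)-1; i++ {
		em[i] = 0xff
	}
	copy(em[k-len(t):], t)
	return em, nil
}

// rawRSAPrivate stands in for TPM2_RSA_Decrypt with a null scheme: bare em^d mod n, no padding by the TPM.
func rawRSAPrivate(priv *rsa.PrivateKey, em []byte) []byte {
	s := new(big.Int).Exp(new(big.Int).SetBytes(em), priv.D, priv.N)
	return s.FillBytes(make([]byte, (priv.N.BitLen()+7)/8))
}

// SignRSASHA512 yields an rsa-sha2-512 signature: hash and pad outside the key, then one raw RSA operation.
func SignRSASHA512(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha512.Sum512(msg)
	em, err := emsaPKCS1v15(digest[:], (priv.N.BitLen()+7)/8)
	if err != nil {
		return nil, err
	}
	return rawRSAPrivate(priv, em), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // software key standing in for the TPM-resident one
	msg := []byte("constructed sample message")
	sig, _ := SignRSASHA512(priv, msg)
	d := sha512.Sum512(msg)
	fmt.Println("verifies as rsa-sha2-512:", rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA512, d[:], sig) == nil)
}
```

The math/big exponentiation is only a stand-in for the step that happens inside the TPM in the real flow; the point of the workaround is that the TPM never needs to know the hash algorithm.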

New Features

MANPAGES!

We now have manpages!

  • ssh-tpm-agent(1)
  • ssh-tpm-keygen(1)
  • ssh-tpm-add(1)
  • ssh-tpm-hostkeys(1)

Typos may follow.

Implement man pages

Hierarchy keys

Important

This feature is experimental. Changes in the future could cause the keys to
change between versions.

ssh-tpm-agent is now capable of preloading hierarchy keys into the agent.
These keys are not the usual keys and persist across installs and system
reboots.

The TPMs have several hierarchies you can create keys under. The owner
hierarchy should be unique for each owner of a given device. The endorsement
hierarchy should be unique for the lifetime of the device, and null should be
unique for the current device power cycle.

ssh-tpm-agent --hierarchy endorsement will now start the agent with two keys,
one ecdsa key and one rsa key, both bound to the endorsement hierarchy of the
device. This is useful for host keys, as they can persist between
installations of the operating system and ephemeral root disks.

To create the public portions of the host keys you can use:
ssh-tpm-keygen -A --hierarchy endorsement

Implement hierarchy keys #87

keyctl support for PIN caching

In previous releases passwords/PINs for keys were stored alongside the key in
memory. Now these values are passed to the kernel keyring for storage and are
only held in memory while in use. After use there is an attempt at using
mmap to clear the memory.

This ensures that only the ssh-tpm-agent process can access these secrets.

Note the huge caveat that this is Go, and any handling of the secrets before
we pass them to keyctl might be leakable in a crash dump etc. I have a goal
of trying to improve this in the future.

Implement kernel keyctl support

Initial support for landlock

ssh-tpm-agent now has some baseline support for landlock
sandboxing of the processes. This is disabled by default but can be enabled by
setting the SSH_TPM_LANDLOCK environment variable.

If you run a distro with different requirements, please help test this feature
as I would like to turn it on by default in the future.

Note that ssh-tpm-keygen does not support landlock yet.

Initial support for landlock

Support signing with SSH certificates

ssh-tpm-agent supports signing with SSH certificates now.

Implement signing using SSH certificates

Better support for ssh-add in ssh-tpm-agent

ssh-add will now attempt to also include the certificate if found alongside
the ssh key.

agent: ensure we load certificates if found


Full Changelog: v0.7.0...v0.8.0

Contributors

  • @mkj
  • @Foxboron
  • @gartnera
  • @0siriz

v0.7.0

18 Oct 20:54, commit 5cb73a1

Changelog

  • The Fedora path to gnome-ssh-askpass has been added
  • Some prompts using the pin terminology have been changed to passphrase
  • ssh-tpm-agent has now learned to cache passphrases. This can be disabled by passing --no-cache.
  • ssh-tpm-keygen -A will now correctly create an ECDSA key


What's Changed

  • feat: add Fedora gnome-ssh-askpass path to search list by @umglurf in #60
  • Use passphrase terminology, not PIN by @dcousens in #57
  • agent: learn to cache userauths for TPM keys by @Foxboron in #61
  • agent: Remove duplicate --print-pubkey in usage by @stigtsp in #63
  • Fix building by @quite in #64


Full Changelog: v0.6.0...v0.7.0

Contributors

  • @stigtsp
  • @dcousens
  • @quite
  • @Foxboron
  • @umglurf

v0.6.0

10 Aug 14:40, commit d306013

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

New Features

Support for SSH certificates

ssh-tpm-add will now look for cert.pub files in the working directory when adding new files to the agent. The agent has also learned how to show the certificates to the ssh client.

Support for ssh-tpm-ca-authority

ssh-tpm-ca-authority is a project to try and provision short-lived device and identity bound SSH certificates. It's currently POC quality, but ssh-tpm-add has learned how to fetch these certificates for demo purposes.

Misc fixes

  • The askpass prompt will now be the standard openssh prompt string. This is to enable caching implemented by some agents.

Bug fixes

  • askpass programs will now be looked for in the SSH_ASKPASS environment variable as intended.
  • ssh-tpm-agent would not report any errors if it failed to find an askpass binary. This has been fixed.

Full Changelog: v0.5.0...v0.6.0


v0.5.0

22 Jun 22:18, commit acf86f8

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

⚠️ Breaking Changes ⚠️

With the continued development of go-tpm-keyfiles there were several issues
with the key format that ssh-tpm-keygen previously generated.

This has been corrected; however, supporting older keys is going to be hard, so
please recreate any keys you have made with previous releases.

Sorry for the bother, but as the keys are now properly compatible with the other
TSS keys this should not happen in the future.

Changes

The pinentry usage in ssh-tpm-agent has been replaced with askpass. This
requires you to have an askpass binary installed for GUI password prompts to
display.

This also features a rework of all the prompts in ssh-tpm-keygen.

The TPM interaction in ssh-tpm-keygen has now fully moved to go-tpm-keyfiles.

https://github.com/Foxboron/go-tpm-keyfiles

Beware, dragons.

New Features

Better support for ssh-add in ssh-tpm-agent

Previously there were several stubbed functions in ssh-tpm-agent that made for
broken support when flags like ssh-add -d were used. This has been fixed, and
ssh-tpm-agent should now properly support, and with the proxy support
forward, all ssh-agent commands.

Creating and importing wrapped keys

ssh-tpm-keygen has learned how to create wrapped keys. Wrapped keys are keys
that can be created remotely and can be imported by the client. The wrapped keys
are only importable by the given TPM and can't be recovered by anyone else.

The way this works is that the client shares the public key of a given TPM
hierarchy, created by tpm2_createprimary. The remote machine can then create
an SSH key with ssh-keygen, or a key with openssl, which is wrapped by
ssh-tpm-keygen.

Creation of the shared secret under the owner hierarchy with an SRK; this needs
to be done on the client and shared with the remote machine.

$ tpm2_createprimary -C o -G ecc -g sha256 -c prim.ctx -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -f pem -o srk.pem

Creation of a key on the remote end:

$ ssh-keygen -t ecdsa -b 256 -N "" -f ./ecdsa.key
# OR with openssl
$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out ecdsa.key
# Wrap with ssh-tpm-keygen
$ ssh-tpm-keygen --wrap-with srk.pub --wrap ecdsa.key -f wrapped_id_ecdsa

Which can then be imported on the client side through ssh-tpm-keygen --import:

$ ssh-tpm-keygen --import ./wrapped_id_ecdsa.tpm --output id_ecdsa.tpm

A use case for this is provisioning in an enterprise setting where the clients
are under central control and you want to provision a centrally controlled SSH
key that can only be used by a single machine.

Please note that establishing some sort of trust between the remote and client
is a non-trivial problem.

Initial support for key creation under a given parent handle

With the support for importing wrapped keys, ssh-tpm-keygen has gotten
--parent-handle to create ssh keys under a given TPM hierarchy.

Support for persistent handles is not fully implemented yet.

Support for ssh-tpm-keygen --print-pubkey

With the support for using wrapped and/or imported keys, ssh-tpm-keygen has
now learned a new flag --print-pubkey that will list the authorized keys
version of a given TPM key.


v0.4.0

19 May 11:20, commit 1c7bced

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

New Features

Owner password support

Passing --owner-password to ssh-tpm-agent or ssh-tpm-add will query for the owner password for the SRK.

Stubbing out missing ssh-agent functions

Fixed a bug where using ssh-add with ssh-tpm-agent would fail as the proxy operations were not implemented.

What's Changed

  • add support for owner password by @novag in #37


Full Changelog: v0.3.1...v0.4.0

Contributors

  • @novag

v0.3.1

10 Mar 20:40, commit 64e389f

Bugfix release

  • A missing go-tpm-keyfiles update meant the key descriptions were not included in the keys.
  • Ensure we are always setting a minimum bitlength value for keys.
  • Ensure -f is treated as an absolute path, and does not have the ssh path appended.

What's Changed

  • ssh-tpm-keygen: set default number of bits for ecdsa and rsa by @stigtsp in #44
  • contrib/services/user/ssh-tpm-agent.service: fix SSH_AUTH_SOCK path by @nl6720 in #45


Full Changelog: v0.3.0...v0.3.1

Contributors

  • @stigtsp
  • @nl6720

v0.3.0

25 Feb 15:59, commit f520587

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

⚠️ Breaking Changes ⚠️

The key format has been changed from the custom binary format to the TPM 2.0 Key
files specification. Keys from v0.1.0 and v0.2.0 are no longer supported and
ssh-tpm-agent will give you a warning when it finds such a key.

The reason for this change is that the older format was a custom binary format
that doesn't support TPM key policies and authpolicies that will be needed in
the future. The format would have to be versioned at some point so using an
established format makes more sense.

This change also creates incompatible TPM keys without a hardcoded signature
scheme. This allows us to support other hashing algorithms instead of always
relying on sha256.

This change also changes the TPM primary key from being RSA or ECDSA to
always standardizing on a NIST-P256 primary key.

For the spec:
https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html

The library for the key format:
https://github.com/Foxboron/go-tpm-keyfiles

New Features

Support for ecdsa 384 and 521 bit lengths

ECDSA p384 and p521 keys are now supported. They can be created with the
-b switch.

λ ~ » ssh-tpm-keygen -t ecdsa -b 384
λ ~ » ssh-tpm-keygen -t ecdsa -b 521

Note that the availability of the different bit lengths depends on the TPM
available on the system. Use ssh-tpm-keygen --supported to list supported bit
lengths.

λ ~ » ssh-tpm-keygen --supported
ecdsa bit lengths: 256 384
rsa bit lengths: 2048


Full Changelog: v0.2.0...v0.3.0

Contributors

  • @Foxboron

ssh-tpm-agent v0.2.0

19 Oct 19:04, commit 25e8edb

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.

New Features

Agent proxying

ssh-tpm-agent now allows ssh-agent proxying through the -A option. This allows ssh-tpm-agent to forward signing requests to other agents that support other key types than the TPM keys. This is practical for keeping one socket as the main socket while not having to abandon non-TPM sealed keys.

Key import

ssh-tpm-keygen has gotten an --import command to allow people to import RSA 2048 and ecdsa keys created by ssh-keygen.

RSA key support

ssh-tpm-agent now supports rsa2048 keys. TPMs usually do not support anything above 2048 bit strength; I recommend the ecdsa keys instead, but someone might want RSA keys I guess.

Host Key support

This release implements support for TPM sealed host keys. ssh-tpm-hostkeys shows host keys and installs system global services, and configuration for sshd, to use ssh-tpm-agent as a system daemon. ssh-tpm-keygen -A creates ecdsa and RSA host keys.


Full Changelog: v0.1.0...v0.2.0

Contributors

  • @stigtsp
  • @jrwren
  • @dcousens
  • @andersju
  • @Foxboron
  • @jtagcat
  • @rafiramadhana

v1.0.0-rc2

03 Sep 15:54, commit 6ff8665

Pre-release

v1.0.0-rc1

12 Aug 11:55, commit dfe0219

Pre-release

Release candidate.

What's Changed

  • Use $XDG_RUNTIME_DIR or /var/tmp/ by default for socket by @stigtsp in #5
  • keygen: Use term.ReadPassword() when reading PIN by @stigtsp in #6
  • Update README.md: fix typo in releases url by @jrwren in #7
  • README: fix install example command by @stigtsp in #8
  • agent: Allow password-caching in pinentry by @stigtsp in #11
  • ssh-tpm-agent: Add ssh-agent proxy functionality with -A by @Foxboron in #13
  • agent: add --key-dir as a flag, and warn if key dir is a symlink. by @andersju in #14
  • Support RSA keys by @Foxboron in #17
  • Implement import of existing keys by @Foxboron in #16
  • Support comments in keys by @Foxboron in #18
  • Socket activation and --install-user-units by @Foxboron in #19
  • Implement ssh-tpm-add by @Foxboron in #21


Full Changelog: v0.1.0...v1.0.0-rc1

Contributors

  • @stigtsp
  • @jrwren
  • @andersju
  • @Foxboron