Feature Request: Approving connections with user authentication

[noaho]

This is a great framework, thanks so much for this!

Would it be possible to approve individual ssh sessions with the fingerprint sensor/face ID?

At the moment the exportability protection doesn't mean a lot, because anyone with access to termux (eg, through sending an intent, or writing to termux's storage/bash profile) can use the stored details in ssh-config to connect over SSH and add a new key to ~/.ssh/authorized_keys of all stored hosts.

And, the Keystore is always unlocked immediately when the phone is unlocked. So, this doesn't seem to add much more protection than just relying on the phone's disk encryption / privilege seperation and skipping the keystore entirely.

Would it be possible to use setUserAuthenticationRequired(true) in the creation of the keys, and then prompt the user for each ssh connection? This would allow the keys to stay locked until the user needs them, at which point they can deny a request if they weren't expecting it, greatly improving the security overall.

I think it would require some handling of the ssh connection process, such as mentioned here:

"Cryptographic operations involving keys which require user authentication to take place for every operation can only use biometric authentication. This is achieved by initializing a cryptographic operation (Signature, Cipher, Mac) with the key, wrapping it into a BiometricPrompt.CryptoObject, invoking BiometricPrompt.authenticate with CryptoObject, and proceeding with the cryptographic operation only if the authentication flow succeeds. "

[nomeata]

@noaho, I’m curoius: Did you make some progress on this by chance, with tergent or some other solution?

[Efreak]

Set the validity to 1 second to automatically lock the keystore.