search

kryptco / kr

DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
https://krypt.co/developers/
Other
1.59k stars 109 forks source link

Device not receiving request for approval #255

Open schmorrison opened 5 years ago

schmorrison commented 5 years ago

I have installed kr on a couple machines, and paired those machines with the krypton app on my phone. However when I login to the device via ssh, eg. ssh user@10.10.0.5 my login succeeds and my phone does not request approval for the login attempt.

If I type the ssh me.krypt.co in any of my machines, my phone requests the login approval and logs the attempt.

I suppose I may be misunderstanding how this program is supposed to work. But I assumed that any login attempt would trigger an approval request through my phone.

kesoji commented 5 years ago

You don't need to pair kr on the machine you want to log in "to". You only need to pair kr on the machine your log in "from".

On the machine you log in "to", you need to add your public key you generated when you installed krtpton to .ssh/authorized_keys.

https://krypt.co/docs/start/upload-your-ssh-publickey.html may help.

schmorrison commented 5 years ago

@kesoji Thanks for the clarification. Well I had it working the whole time then I guess.

So the premise of the feature is to prevent your computer from logging into an SSH server when you don't want it to. Presumably to prevent your computer from being used to ssh into a server while you are not using it.

Although I think the opposite functionality would be extremely useful; having the SSH server owner approve all login attempts.

kesoji commented 5 years ago

I think the main purpose of krypton is "Let's make two-factor easy & secure" as Official Site says. At that point of view, the functionality works well.

The opposite functionality you mentioned is partially or fully archived by Krypton Teams, I think.