kryptco / krypton-android

DEPRECATED Krypton turns your Android device into a U2F Authenticator: strong, unphishable 2FA.
https://krypt.co
Other
203 stars 50 forks source link

"Allow All From Device for 3h" option #98

Open radix opened 6 years ago

radix commented 6 years ago

I have an ssh setup where I connect to a bunch of different hosts, and also connect to some hosts via ProxyJump. This means I have to authorize a LOT of connections with my phone -- the ProxyJump ones in particular can't get cached at all, because they don't have any hostname associated with them. I believe this is a limitation of the ssh-agent protocol or openssh client.

I have resorted to just choosing "Never ask" and disabling "Always ask for unknown hosts" in my krypton app's settings, but I consider this a reduction in security. What I want is a way to allow all connections from a particular device for a limited time. I don't believe there's a way to do that currently.

kcking commented 6 years ago

In order to use jump hosts with Krypton, you have to use a slightly different config (the ProxyJump shorthand doesn't use krssh to parse the server signature, so we have to write out the full ProxyCommand).

We have a guide to set this up here: https://krypt.co/docs/ssh/using-a-bastion-host.html

Please let us know if you have any questions.