tpm2-software / tpm2-pkcs11

A PKCS#11 interface for TPM2 hardware
https://tpm2-software.github.io

Multiple keys / Specific key selection for SSH #850

Open rally-dimi opened 1 year ago

rally-dimi commented 1 year ago

Is there a way to choose a key using a label or pid to present to the SSH service? For example, when connecting to GitHub, when there are 2 keys, the first key would be used and the push would fail - if the second one has permissions.

```
Host github-work
  HostName github.com
  User git
  PKCS11Provider /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1
  ForwardAgent yes
  PasswordAuthentication no
  IdentitiesOnly yes

Host github-home
  HostName github.com
  User git
  PKCS11Provider /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1
  PasswordAuthentication no
  IdentitiesOnly yes
```

rally-dimi commented 1 year ago

Some debug logs:

```
GIT_SSH_COMMAND="ssh -vvv" git clone git@github.com:<project>.git
...
debug1: Will attempt key: /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1.6.0 RSA SHA256:<key1> agent
debug1: Will attempt key: /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1.6.0 RSA SHA256:<key2> agent
...
debug1: Server accepts key: /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1.6.0 RSA SHA256:<key1> agent
...
authenticated
```