kryptco / krypton-ios
DEPRECATED Krypton turns your iOS device into a WebAuthn/U2F Authenticator: strong, unphishable 2FA.
Home Page: https://krypt.co
License: Other
Would be cool to have allow access for a custom timeframe, specifically day and week :)
exporting core data .sqlite file doesn't seem to be grabbing very recent log statements
or optionally change frequency with which they appear
Limit the circumstances under which a paired device can request signatures from Kryptonite and under which circumstances Kryptonite will auto-approve.
x
hours" )remove "$"
This prevents a physical adversary from accepting login requests on an unlocked phone.
Notification replaced then disappears
I updated to 2.1.0 on my macbook last week, and now the Allow for 3 hours option is no longer working, and I'm being asked for every request. I was not notified of any update to the app.
The current release shows the widget preview and the default "Share Kryptonite..." menu only.
It would be nice to have a 3D-touch app icon menu that includes quick access to:
Maybe the widget should have those actions as well.
In my setup, I use a "bastion" (aka SSH jumpbox or proxy) which randomly assigns localhost TCP ports whenever I create a new SSH connection tunneled via an HTTPS WebSocket. For instance, it allows me to connect to a server in a private network when I connect to localhost:12345 where 12345 is a randomly assigned port number.
For the local SSH agent, I can add StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null to .ssh/config's Host localhost section, to prevent clutter caused by randomized host:port pairs (even when connecting to the same destination server).
I'd like to have a simple option to achieve the same effect for localhost in Kryptonite. Also, if this is enabled, all pairs of localhost and random port numbers should be treated as the same target host so that "allow for 3 hours" works with all localhost connections (maybe related to #63).
removes possible deadlock on UI thread
Leave for post 2.0 release
if app opened with pending auths user will be asked all of them, even if expired.
otherwise remote notifications can still be sent by unpaired computers
cause of kryptco/kr#126
I'm using the iOS app version 2.1.1, and these for the other apps:
$ kr --version
kr version 2.1.2
$ ssh -V
OpenSSH_7.3p1, LibreSSL 2.4.1
The issue I'm seeing is when I try to connect to an SSH destination through an intermediate "jump host," using a configuration similar to this (edited for confidentiality and to remove (hopefully) irrelevant details):
Host jump-host
    HostName jumphost.companyname.local
Host destination-host
    Hostname 10.42.0.30
    ProxyJump jump-host
Host *
    PKCS11Provider /usr/local/lib/kr-pkcs11.so
    ProxyCommand /usr/local/bin/krssh %h %p
    IdentityFile ~/.ssh/id_kryptonite
My Kryptonite public key is installed in the authorized_hosts file of both the jump host and the destination host, and I can successfully connect to destination-host with the command ssh destination-host. The problem is that after a recent version upgrade, the "Allow for 3 hours" option in the iOS app only works for the jump host. Here's the sequence of events for a "cold" connection:
ssh destination-host from a computer paired with the Kryptonite iOS app
jump-host is initiated, and I'm alerted on my phone to approve of an authentication request from jump-host.companyname.local.
But when I reattempt the connection immediately thereafter:
ssh destination-host
jump-host is initiated, I'm alerted on my phone that an authentication request from jump-host.companyname.local was automatically approved, and the connection to the jump host is established.
Additional observations:
jump-host.companyname.local), but not the destination host.
jump-host.companyname.local), but the destination host by IP address.
Some possibly relevant debug messages from the ssh client (from a "warm" connection attempt, and edited for confidentiality):
debug1: Executing proxy command: exec /usr/local/bin/krssh jump-host.companyname.local 22
debug1: Authenticating to jump-host.companyname.local:22 as 'username'
debug1: Host 'jump-host.companyname.local' is known and matches the RSA host key.
debug1: Found key in /Users/username/.ssh/known_hosts:236
debug1: Offering RSA public key: /Users/username/.ssh/id_kryptonite
debug1: Server accepts key: pkalg ssh-rsa blen 535
Kryptonite ▶ Requesting SSH authentication from phone
Kryptonite ▶ Success. Request Allowed ✔
debug1: Authentication succeeded (publickey).
Authenticated to jump-host.companyname.local (via proxy).
debug1: channel_connect_stdio_fwd 10.20.0.75:22
debug1: channel 0: new [stdio-forward]
debug1: Authenticating to 10.42.0.30:22 as 'username'
debug1: Offering RSA public key: /Users/username/.ssh/id_kryptonite
debug1: Server accepts key: pkalg ssh-rsa blen 535
Kryptonite ▶ Requesting SSH authentication from phone
Kryptonite ▶ Phone approval required. Respond using the Kryptonite app
Kryptonite ▶ Success. Request Allowed ✔
debug1: Authentication succeeded (publickey).
Authenticated to 10.42.0.30 (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.