[OT] Mac OS X Notification Center and ssh-agent

看板FB_hackers作者時間11年前 (2014/05/04 10:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/2 (看更多)
Hi, Apologies for being off-topic (as this e-mail is Mac Specific) but I just wanted to share something that I think can help make our lives a little bit more secure (for those FreeBSD hackers and developers that use Macs). I took Apple's forked version of OpenSSH available from opensource.apple.com and I added support for Mac OS X 10.8+ Notification Center. The reason for this might be obvious, which is to have the ssh-agent in Mac OS X pop up a notification every time it uses my private key to sign a login request and keep a log of notifications. We can't always lock the keychain, put our machines to sleep, or kill the running ssh-agent every time we walk away from our Macs, so this addition not only helps notify me of compromised connections to my agent when I'm at the machine but also when I'm away from it. My friend had a set of patches for doing this with Growl, but now Growl is no longer free ($3.99 in the Mac App Store) and has become obsolete by the Notification Center. Here's an image of the notifications and the Notification Center where they stack up. http://devinteske.com/wp/wp-content/uploads/Screen-Shot-2014-05-03-at-3.56.1 0-PM.png Here's a binary that I made for 10.9.2,... http://druidbsd.sf.net/download/ssh-agent+notifications.osx-10.9.2.tbz But if you don't trust the binary (why should you?) here's the source... https://github.com/devinteske/apple/tree/master/OpenSSH-186/openssh And to compile it: ../configure --with-pam --with-audit=bsm make (you only need the resulting ssh-agent binary) I basically took Apple's forked version and added a new Obj-C file named ssh-agent-notify.m, a header for it, and modified Makefile.in as well as ssh-agent.c (it's all in the git repository linked-to above). Full blog on the deal... http://devinteske.com/ssh-agent-notifications-osx/ -- Cheers, Devin _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
更多 dteske. 的文章
文章代碼(AID): #1JPQQZrr (FB_hackers)
更多 dteske. 的文章
文章代碼(AID): #1JPQQZrr (FB_hackers)