Date: Sat, 3 May 2014 19:11:07 -0700
From: <dteske@FreeBSD.org>
To: <freebsd-hackers@freebsd.org>
Cc: 'Devin Teske' <dteske@freebsd.org>
Subject: [OT] Mac OS X Notification Center and ssh-agent
Message-ID: <034c01cf673e$1cc6af10$56540d30$@FreeBSD.org>
Hi,

Apologies for being off-topic (as this e-mail is Mac-specific) but I just wanted to share something that I think can help make our lives a little bit more secure (for those FreeBSD hackers and developers that use Macs).

I took Apple's forked version of OpenSSH available from opensource.apple.com and I added support for Mac OS X 10.8+ Notification Center.

The reason for this might be obvious, which is to have the ssh-agent in Mac OS X pop up a notification every time it uses my private key to sign a login request and keep a log of notifications.

We can't always lock the keychain, put our machines to sleep, or kill the running ssh-agent every time we walk away from our Macs, so this addition not only helps notify me of compromised connections to my agent when I'm at the machine but also when I'm away from it.

My friend had a set of patches for doing this with Growl, but now Growl is no longer free ($3.99 in the Mac App Store) and has been made obsolete by the Notification Center.

Here's an image of the notifications and the Notification Center where they stack up.

http://devinteske.com/wp/wp-content/uploads/Screen-Shot-2014-05-03-at-3.56.10-PM.png

Here's a binary that I made for 10.9.2...

http://druidbsd.sf.net/download/ssh-agent+notifications.osx-10.9.2.tbz

But if you don't trust the binary (why should you?) here's the source...

https://github.com/devinteske/apple/tree/master/OpenSSH-186/openssh

And to compile it:

    ./configure --with-pam --with-audit=bsm
    make

(you only need the resulting ssh-agent binary)

I basically took Apple's forked version and added a new Obj-C file named ssh-agent-notify.m, a header for it, and modified Makefile.in as well as ssh-agent.c (it's all in the git repository linked to above).

Full blog on the deal...

http://devinteske.com/ssh-agent-notifications-osx/

-- 
Cheers,
Devin

_____________

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
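
Added example (not part of the original e-mail and not code from the linked repository): the event the message describes, the agent being asked to sign with a private key, appears on the agent socket as an SSH2_AGENTC_SIGN_REQUEST message, and the sketch below walks a client-to-agent byte stream and counts those messages at the point where a notification would be raised. The function names and the sample bytes are assumptions constructed for illustration; the message numbers are those of the SSH agent protocol.

```c
#include <stddef.h>
#include <stdint.h>

/* Message numbers from the SSH agent protocol (OpenSSH authfd.h). */
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
#define SSH2_AGENTC_SIGN_REQUEST       13

/* Constructed sample stream: one identities request, then one sign request
 * carrying a 3-byte placeholder key blob, 2 bytes of data and flags = 0. */
const uint8_t sample_stream[] = {
    0,0,0,1,  SSH2_AGENTC_REQUEST_IDENTITIES,
    0,0,0,18, SSH2_AGENTC_SIGN_REQUEST,
    0,0,0,3, 'k','e','y',  0,0,0,2, 'h','i',  0,0,0,0
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Consume one length-prefixed string; returns 0 on success, -1 if short. */
static int skip_string(const uint8_t **p, size_t *left)
{
    if (*left < 4) return -1;
    uint32_t n = be32(*p);
    if (n > *left - 4) return -1;
    *p += 4 + n; *left -= 4 + (size_t)n;
    return 0;
}

/* Count well-formed sign requests in a client-to-agent byte stream.
 * Returns -1 on a truncated or malformed message. */
int count_sign_requests(const uint8_t *buf, size_t len)
{
    int hits = 0;
    while (len > 0) {
        if (len < 5) return -1;
        uint32_t mlen = be32(buf);
        if (mlen == 0 || mlen > len - 4) return -1;
        if (buf[4] == SSH2_AGENTC_SIGN_REQUEST) {
            const uint8_t *p = buf + 5;
            size_t left = mlen - 1;
            if (skip_string(&p, &left) || skip_string(&p, &left) || left < 4)
                return -1;   /* key blob, data, then uint32 flags */
            hits++;          /* a notification hook would fire here */
        }
        buf += 4 + mlen; len -= 4 + (size_t)mlen;
    }
    return hits;
}
```

Listing identities does not touch the private key, so only the sign request is counted; malformed framing is rejected rather than skipped.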