Jump to content
Enpass Discussion Forum

SSH Agent support


Programie
 Share

Recommended Posts

I would like to pay to subscribe this feature, it is amazing feature that after I tried 1Password 8 SSH agent, it is a total solution that add extra layer to protect id_rsa key also very flexible to management multi-ssh key issue  

image.thumb.png.371f81f6393cdfd59a273e359fa0dcb8.png

Link to comment
Share on other sites

  • 9 months later...
  • 1 month later...

I use a WebDAV connection with a self-signed certificate for local synchronization. The DNS name that is automatically assigned by my router is very popular in Europe/Germany, nas.fritz.box. Enpass works perfectly with this setup because I can explicitly tell it not to verify the certificate because it's self-signed.

But am I creating a security vulnerability by doing this? Enpass automatically syncs the vaults when I open it. If someone wants to steal my vault, they will see that there is a DNS request for dns.fritz.box and create the DNS themselves. On the second attempt, when Enpass tries to sync, the hacker will accept every user and password and will now know the WebDAV DNS name, user, and password. What happens when Enpass tries to sync and sees that there is no file? Will the file be created and copied, or will there be an alert? If it is simply copied, my password file could be stolen when using hotel Wi-Fi. If there is an alert, I will know that someone is trying to steal my vault file. I know that self-signed certificates are not a good idea. It would be great if Enpass could use ssh(fs) for file syncing.

Link to comment
Share on other sites

2 hours ago, Jo Ried said:

I use a WebDAV connection with a self-signed certificate for local synchronization. The DNS name that is automatically assigned by my router is very popular in Europe/Germany, nas.fritz.box. Enpass works perfectly with this setup because I can explicitly tell it not to verify the certificate because it's self-signed.

But am I creating a security vulnerability by doing this? Enpass automatically syncs the vaults when I open it. If someone wants to steal my vault, they will see that there is a DNS request for dns.fritz.box and create the DNS themselves. On the second attempt, when Enpass tries to sync, the hacker will accept every user and password and will now know the WebDAV DNS name, user, and password. What happens when Enpass tries to sync and sees that there is no file? Will the file be created and copied, or will there be an alert? If it is simply copied, my password file could be stolen when using hotel Wi-Fi. If there is an alert, I will know that someone is trying to steal my vault file. I know that self-signed certificates are not a good idea. It would be great if Enpass could use ssh(fs) for file syncing.

Thanks for moving the question to ssh request, but there is still the open question regarding WebDAV will Enpass copy the file to a insecure location?

Link to comment
Share on other sites

Dear Esteemed Enpass Team,

I trust this message finds you well. I am a dedicated user of your exceptional product, Enpass. I am reaching out today to express my interest in a feature that I understand has previously been suggested by fellow users.

Three years ago, the prospect of integrating SSH agent functionality into Enpass was discussed. This capability, as you are likely aware, would greatly enhance our ability to manage SSH keys, thereby increasing the security of our SSH connections - a crucial factor in the current digital landscape.

Recognizing the importance of such a feature, I am writing to inquire about the progress of its implementation. Understanding the complexities involved in software development, I am aware that such processes require time and resources. Nevertheless, I believe this functionality would significantly enhance the usability of Enpass and provide a more secure and streamlined experience for your users.

I appreciate your time in reading and considering my request. Any updates you can provide on this matter would be greatly appreciated.

Thank you for your continued dedication to improving and maintaining the high standards of Enpass.

Edited by Warren
Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...