Jump to content
Enpass Discussion Forum

SSH Agent support

Programie

By Programie
in Feature requests

 Share

Recommended Posts

Gulshan Dogra Rising Star

Gulshan Dogra

Posted
Posted

Hi @all,

Thank you very much for your patience and support.

All your feedback on this forum has been forwarded to our concerned team and we are continuously reviewing your responses. This feature request is currently being examined by our backend team.

#SI-1081

stanwu Newbie

stanwu

Posted
Posted

I would like to pay to subscribe this feature, it is amazing feature that after I tried 1Password 8 SSH agent, it is a total solution that add extra layer to protect id_rsa key also very flexible to management multi-ssh key issue  

image.thumb.png.371f81f6393cdfd59a273e359fa0dcb8.png

  • Like 1
  • 9 months later...
  • 1 month later...
Jo Ried Newbie

Jo Ried

Posted
Posted

I use a WebDAV connection with a self-signed certificate for local synchronization. The DNS name that is automatically assigned by my router is very popular in Europe/Germany, nas.fritz.box. Enpass works perfectly with this setup because I can explicitly tell it not to verify the certificate because it's self-signed.

But am I creating a security vulnerability by doing this? Enpass automatically syncs the vaults when I open it. If someone wants to steal my vault, they will see that there is a DNS request for dns.fritz.box and create the DNS themselves. On the second attempt, when Enpass tries to sync, the hacker will accept every user and password and will now know the WebDAV DNS name, user, and password. What happens when Enpass tries to sync and sees that there is no file? Will the file be created and copied, or will there be an alert? If it is simply copied, my password file could be stolen when using hotel Wi-Fi. If there is an alert, I will know that someone is trying to steal my vault file. I know that self-signed certificates are not a good idea. It would be great if Enpass could use ssh(fs) for file syncing.

Jo Ried Newbie

Jo Ried

Posted
Posted
2 hours ago, Jo Ried said:

I use a WebDAV connection with a self-signed certificate for local synchronization. The DNS name that is automatically assigned by my router is very popular in Europe/Germany, nas.fritz.box. Enpass works perfectly with this setup because I can explicitly tell it not to verify the certificate because it's self-signed.

But am I creating a security vulnerability by doing this? Enpass automatically syncs the vaults when I open it. If someone wants to steal my vault, they will see that there is a DNS request for dns.fritz.box and create the DNS themselves. On the second attempt, when Enpass tries to sync, the hacker will accept every user and password and will now know the WebDAV DNS name, user, and password. What happens when Enpass tries to sync and sees that there is no file? Will the file be created and copied, or will there be an alert? If it is simply copied, my password file could be stolen when using hotel Wi-Fi. If there is an alert, I will know that someone is trying to steal my vault file. I know that self-signed certificates are not a good idea. It would be great if Enpass could use ssh(fs) for file syncing.

Thanks for moving the question to ssh request, but there is still the open question regarding WebDAV will Enpass copy the file to a insecure location?

Warren Newbie

Warren

Posted
Posted (edited)

Dear Esteemed Enpass Team,

I trust this message finds you well. I am a dedicated user of your exceptional product, Enpass. I am reaching out today to express my interest in a feature that I understand has previously been suggested by fellow users.

Three years ago, the prospect of integrating SSH agent functionality into Enpass was discussed. This capability, as you are likely aware, would greatly enhance our ability to manage SSH keys, thereby increasing the security of our SSH connections - a crucial factor in the current digital landscape.

Recognizing the importance of such a feature, I am writing to inquire about the progress of its implementation. Understanding the complexities involved in software development, I am aware that such processes require time and resources. Nevertheless, I believe this functionality would significantly enhance the usability of Enpass and provide a more secure and streamlined experience for your users.

I appreciate your time in reading and considering my request. Any updates you can provide on this matter would be greatly appreciated.

Thank you for your continued dedication to improving and maintaining the high standards of Enpass.

Edited by Warren
  • 6 months later...
  • 5 months later...
Warren Newbie

Warren

Posted
Posted

 

On 6/13/2022 at 8:02 PM, Gulshan Dogra said:

Hi @stanwu,

Welcome to the Enpass community.

I have duly noted your feedback and it has been forwarded to our concerned team for further consideration.

#SI-1081

Have there been any updates? @Gulshan Dogra

  • 2 weeks later...
  • 7 months later...
Warren Newbie

Warren

Posted
Posted
On 5/30/2024 at 3:23 PM, Amandeep Kumar said:

our development team has accepted your feature request and has begun working on it. Adding a new feature may take some time, but rest assured, we'll keep you updated on the progress. 

@Amandeep Kumar

@Gulshan Dogra It's 2025 now, and this feature was requested about six years ago. What's the status of this feature? When will it be released?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...