Show HN: KeyleSSH – SSH auth where the private key never exists (tide.org)
4 points by SaltNHash 23 hours ago | 1 comment

Tide team here. Our dev Sasha built this PoC in a few weekends, using our SDK. Her core idea: Remove the risk of compromised keys, and the overhead of managing them at scale, by never having a key to steal. Instead the SSH signing operation is distributed across nodes using novel MPC-based threshold EdDSA – the key literally never exists in whole, not even momentarily in a TEE.

KeyleSSH is:

- Browser-based SSH console
- Auth via OIDC, signing via distributed novel MPC-based threshold EdDSA
- approx. 30 lines of core signing logic (the SDK does the heavy lifting)

It isn't (yet):

- Production-ready. It's a PoC.
- Fully decentralized. The nodes currently run on our testnet – we're working toward a proper decentralized mainnet. If you run infrastructure and are curious about operating nodes, happy to chat.
- A silver bullet. Browser-based means endpoint compromise is still a threat vector.

Live demo: demo.keylessh.com

Source: github.com/sashyo/keylessh

AMA about the protocol, the SDK, or the threat model.
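The "key never exists in whole" idea from the post, shown with an added example that is not KeyleSSH's or Tide's code and not their protocol: a simplified n-of-n additive-share threshold signing over Ed25519 in pure Python, where each node keeps a share a_i and the full scalar sum(a_i) is never assembled. Assumptions: shares are drawn independently per node (no dealer), the nonce-commitment round a real threshold protocol needs is omitted, and the network between nodes is simulated by plain function calls. The result is a standard 64-byte Ed25519 signature, so the verifying side (what an SSH server does) needs no shares and no protocol changes.

```python
import hashlib, secrets
from functools import reduce

P = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = (-121665 * pow(121666, P - 2, P)) % P            # curve constant d
I = pow(2, (P - 1) // 4, P)                          # sqrt(-1) mod P

def add(p, q):  # affine twisted-Edwards addition with a = -1; (0, 1) is the identity
    t = D * p[0] * q[0] * p[1] * q[1] % P
    return ((p[0] * q[1] + q[0] * p[1]) * pow(1 + t, P - 2, P) % P,
            (p[1] * q[1] + p[0] * q[0]) * pow(1 - t, P - 2, P) % P)

def mul(k, p):  # double-and-add scalar multiplication
    r = (0, 1)
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def enc(p):  # RFC 8032 encoding: little-endian y with the parity of x in bit 255
    return (p[1] | ((p[0] & 1) << 255)).to_bytes(32, "little")

def dec(b):  # recover x from y; P = 5 mod 8, so x is w^((P+3)/8) or that times I
    y = int.from_bytes(b, "little") & ((1 << 255) - 1)
    w = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P  # x^2 = (y^2 - 1) / (d*y^2 + 1)
    x = pow(w, (P + 3) // 8, P)
    if (x * x - w) % P: x = x * I % P
    if (x * x - w) % P: raise ValueError("not a curve point")
    return (P - x if (x & 1) != (b[31] >> 7) else x, y)

B = dec((4 * pow(5, P - 2, P) % P).to_bytes(32, "little"))  # base point: y = 4/5, x even

def h(*parts):  # SHA-512 challenge reduced mod L, exactly as in Ed25519 verification
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % L

def keygen(n):  # each node draws its own share a_i and reveals only a_i*B;
    shares = [secrets.randbelow(L) for _ in range(n)]  # sum(a_i) is never formed anywhere
    return shares, reduce(add, (mul(a, B) for a in shares), (0, 1))

def sign(shares, pub, msg):  # round 1: nodes send R_i = r_i*B; round 2: s_i = r_i + k*a_i
    nonces = [secrets.randbelow(L) for _ in shares]
    R = reduce(add, (mul(r, B) for r in nonces), (0, 1))  # constructed demo: a real protocol
    k = h(enc(R), enc(pub), msg)                          # commits to R_i before revealing it
    S = sum((r + k * a) % L for r, a in zip(nonces, shares)) % L
    return enc(R) + S.to_bytes(32, "little")  # standard 64-byte Ed25519 signature

def verify(pub, msg, sig):  # ordinary Ed25519 check S*B == R + k*A; needs no shares
    R, S = dec(sig[:32]), int.from_bytes(sig[32:], "little")
    return S < L and mul(S, B) == add(R, mul(h(sig[:32], enc(pub), msg), pub))
```

Because the sharing is n-of-n, a signature produced by any subset of the nodes does not verify under the aggregate public key, which is the property that makes a single compromised node useless on its own.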
