
Bug#758651: RFP: envoy -- A ssh/gpg-agent wrapper leveraging cgroups and systemd/socket activation



Package: wnpp
Severity: wishlist

* Package name    : envoy
  Version         : 9
  Upstream Author :  Simon Gomizelj <simongmzlj@gmail.com>
* URL             : https://github.com/vodik/envoy
* License         : unknown
  Programming Lang: C
  Description     : A ssh/gpg-agent wrapper leveraging cgroups and systemd/socket activation

Envoy helps you to manage ssh keys in a similar fashion to keychain, but
is done in C and takes advantage of cgroups and systemd.

The daemon, envoyd, starts the agent of choice in a sanitized
environment and caches the associated environmental variables in memory.
The agent is started on demand and its lifetime is tracked through
cgroups for accuracy. envoyd is typically started as root and can thus
serve all the users on the system at once. It checks the credentials of
the incoming connection and starts the agent under that uid/guid. If it's
started as a user it will only be able to serve that particular user's
requests.

The envoy command connects to the daemon and gets all the information
associated with the current running agent. It can then do things like
add new keys to the agent or output shell code to inject these variables
into a shell.

This effectively allows a user to share a single long-running
authentication agent between all shells and sessions in a clean and
managed fashion that doesn't clutter user login sessions.

It is similar to keychain, but written in C and running as a system-wide
daemon to avoid multiple copies of gpg-agent or ssh-agent.  In addition,
it also includes PAM integration.

No license is specified in the original code repository, so the upstream
author would need to be contacted to see if the license is compatible
with DFSG.

