Homebrew: tkey-ssh-agent update

The Homebrew package for tkey-ssh-agent has been updated to include:

  • man page, i.e., man tkey-ssh-agent
  • default to promt for the USS input (User Supplied Secret)

Since this is only an update to the service, and not the tkey-ssh-agent program, this won’t be flagged as an update in Brew; hence, you need to reinstall the tkey-ssh-agent manually.
Note this poses no changes to the software running on the TKey. As such, it will not change the derived private/public keys used for SSH Public Key Authentication, unless you enter a USS in the dialogue when prompted.

Instructions to reinstall

Run these commands to reinstall the agent and restart the service.

$ brew update
$ brew reinstall tkey-ssh-agent
$ brew services restart tkey-ssh-agent

Test the installation

To test and ensure the installation is correct, simply run a regular SSH command that requires authentication from your TKey, remembering to re-insert your TKey if it already has an application loaded (the LED should be steady white). You should then be prompted to input your USS – just press enter to continue without a USS, i.e. with the same keys as before the reinstall.

You can also read the man page using the command:

$ man tkey-ssh-agent

Start using the USS

Using the USS is recommended for increased security, as your SSH keys will be protected by both something you have (the TKey) and something you know (the USS).
If you start to use the USS, you will need to update your public key at the locations you desire to authenticate. Find the instructions here.