sod generates an unexportable ecdsa-sha2-nistp256 key inside the Apple Secure Enclave.
It then orchestrates a barebones ssh-agent session that, in short, lets you authenticate to OpenSSH servers the same way you normally would, but with your fingerprint instead of your password.
No special support is required on the server side; sod simply bridges typical ssh client behavior with Secure Enclave signing primitives.
sod is CLI-only, and "speaks" in typical OpenSSH verbs: ssh-keygen, ssh-add, ssh-agent.
sod is a lean codebase written in Swift, with zero dependencies (outside of Swift's own). It does not implement any cryptography itself but rather delegates to macOS and OpenSSH crypto.
Quickstart:
    brew install botanica-consulting/tap/sod
    sd install
    ssh-copy-id -i ~/.ssh/id_sod.pub user@host
    ssh user@host
Pre-built .pkg and the code for your perusal at:
https://github.com/botanica-consulting/sod
Any feedback is welcome!
-- sod is a FOSS project by https://botanica.software
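
The ssh-agent exchange that carries a signing request to whoever holds an ecdsa-sha2-nistp256 key, as an added example in Python: it is not sod's code (which is Swift) and shows only the generic wire format from the ssh-agent protocol draft and RFC 5656. The `sign` callback stands in for the Secure Enclave call, `POINT` and `fake_sign` are constructed placeholders, and the uint32 length prefix that frames each agent message on the socket is omitted.

```python
# Message numbers from the ssh-agent protocol draft (draft-miller-ssh-agent).
FAILURE, REQUEST_IDENTITIES, IDENTITIES_ANSWER, SIGN_REQUEST, SIGN_RESPONSE = 5, 11, 12, 13, 14
KEY_TYPE = b"ecdsa-sha2-nistp256"

def sshstr(b):  # SSH "string": uint32 big-endian length, then the bytes
    return len(b).to_bytes(4, "big") + b

def mpint(n):  # SSH "mpint", n >= 0; the extra leading byte keeps the sign bit clear
    return sshstr(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def read_str(buf, off):
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def key_blob(point):  # RFC 5656 public key blob: type, curve name, uncompressed point
    return sshstr(KEY_TYPE) + sshstr(b"nistp256") + sshstr(point)

def sign_request(blob, data, flags=0):  # client side
    return bytes([SIGN_REQUEST]) + sshstr(blob) + sshstr(data) + flags.to_bytes(4, "big")

def handle(msg, blob, comment, sign):  # agent side; only `sign` touches the private key
    if msg[:1] == bytes([REQUEST_IDENTITIES]):
        return bytes([IDENTITIES_ANSWER]) + (1).to_bytes(4, "big") + sshstr(blob) + sshstr(comment)
    if msg[:1] != bytes([SIGN_REQUEST]):
        return bytes([FAILURE])
    try:
        asked, off = read_str(msg, 1)
        data, _ = read_str(msg, off)
    except ValueError:
        return bytes([FAILURE])
    if asked != blob:
        return bytes([FAILURE])  # refuse keys this agent does not hold
    r, s = sign(data)
    return bytes([SIGN_RESPONSE]) + sshstr(sshstr(KEY_TYPE) + sshstr(mpint(r) + mpint(s)))

def parse_signature(resp):  # client side: SIGN_RESPONSE -> (type, r, s)
    if resp[:1] != bytes([SIGN_RESPONSE]):
        raise ValueError("agent refused to sign")
    sig, _ = read_str(resp, 1)
    typ, off = read_str(sig, 0)
    rs, _ = read_str(sig, off)
    r, off = read_str(rs, 0)
    s, _ = read_str(rs, off)
    return typ, int.from_bytes(r, "big"), int.from_bytes(s, "big")

POINT = b"\x04" + bytes(64)  # constructed placeholder point, not a real key
def fake_sign(data): return (1 << 255) | len(data), 7  # constructed (r, s), not a real signature
```

Only the public key blob, the data to be signed and the resulting signature cross the agent socket; the private key never appears in any message.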