[clug] Anyone keep their SSH keys on a USB flash drive or in an encrypted filesystem?

David Deaves David.Deaves at dd.id.au
Mon Oct 7 02:06:37 MDT 2013


Steve,

Just create your keys with a password.  
Then use  ssh-agent  to manage unlocked keys and make sure you start ssh-agent 
using the '-t 300' so that a key expires after 5 minutes, or stick with the 
default of no-lifetime, and set up your machine to run  ssh-add -D  when you 
lock your screen.

Not exactly what you were after, but I figured a reasonable approximation 
functionally at least.

I use this to trap screen lock/unlock  -  it also logs the times, very handy 
for doing your timesheets.  And kills off  Figaro Password Manager if left open.


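#!/bin/sh
# Get the log into the NFS cache
sum ~/ScreenSaver.log > /dev/null

# Watch the GNOME screensaver's ActiveChanged signal on the session bus
dbus-monitor --session 'interface=org.gnome.ScreenSaver,member=ActiveChanged' |
 while IFS='' read -r j
  do
    TS=`date`
    if expr "$j" : ' ' >/dev/null
    then
        # Continuation line (starts with a space): append to the current signal
        echo -n " :$j"
        DATA="$DATA$j"
    else
        # Initial line: start a new timestamped log entry
        echo
        echo -n "$TS $j"
        DATA="$j"
    fi
    # expr prints the match length, so discard it to keep it out of the log
    if expr "$DATA" : '.*ScreenSaver.*boolean true' >/dev/null
    then
        # Screen locked: drop every key from the agent, kill Figaro Password Manager
        ssh-add -D >/dev/null
        fuser -k -TERM /home/dave/.fpm/fpm*  >/dev/null 2>&1
    fi
  done >> ~/ScreenSaver.log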





> I was wondering if anyone had experience in securely storing the
> contents of ~/.ssh:
> 
>  - on a desktop/laptop machine
>  - on servers you administer
> 
> For a desktop, farnarkling with a USB drive mounted onto ~/.ssh might
> work, but creates a problem of clear-text keys getting stolen.
> 
> I was looking for a way to deny automatic SSH access if I wasn't at the
> keyboard...
> 
> For servers, especially a central trusted cluster admin-host, I was
> wondering if creating a small, encrypted filesystem was easy or useful
> (has not to be readable by super-user when mounted).
> 
> I've never used user-mounted encrypted filesystems, so no idea of how
> hard they might be...
> 
> regards
> steve jenkin
> 
> -- 
> Steve Jenkin, Info Tech, Systems and Design Specialist.
> 0412 786 915 (+61 412 786 915)
> PO Box 48, Kippax ACT 2615, AUSTRALIA
> 
> sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
> 
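The agent behaviour the reply relies on, as an added example that is not part of the original post: it starts a private agent with '-t 300', loads a key, then runs  ssh-add -D  as the lock hook does and checks that the agent no longer holds the key. The function name, the scratch directory and the key (id_demo, comment demo-key) are constructed for the demo; it assumes the OpenSSH client tools are installed.

```shell
#!/bin/sh
# Added example: runs against a throwaway agent and key, so it never touches
# your real agent or ~/.ssh. All names below are constructed for the demo.

# The body is a subshell, so SSH_AUTH_SOCK / SSH_AGENT_PID set here do not
# leak into the calling shell.
agent_flush_demo() (
    dir=$(mktemp -d) || exit 1

    # Throwaway key with an empty passphrase so the demo runs unattended.
    # A real key gets a passphrase, as the post says.
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$dir/id_demo" || exit 1

    # Private agent whose keys expire after 300 seconds (the post's '-t 300').
    eval "$(ssh-agent -s -t 300 -a "$dir/agent.sock")" >/dev/null || exit 1

    # Load the key and count how many times it shows up in the agent.
    ssh-add "$dir/id_demo" 2>/dev/null
    before=$(ssh-add -l 2>/dev/null | grep -c demo-key || true)

    # What the screen-lock hook does: remove every identity from the agent.
    ssh-add -D 2>/dev/null
    after=$(ssh-add -l 2>/dev/null | grep -c demo-key || true)

    # Stop the demo agent and remove the scratch files.
    ssh-agent -k >/dev/null
    rm -rf "$dir"

    echo "$before $after"
)

# Usage: agent_flush_demo    # prints "1 0": key loaded, then gone after -D
```

After  ssh-add -D  the key file is still on disk; only the unlocked copy held by the agent is gone, so the next use needs  ssh-add  and the passphrase again.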