[Discuss] ssh keys question
Rich Braun
richb at pioneer.ci.net
Fri Jun 17 14:20:48 EDT 2016
What I do to reduce odds of lockout when I'm traveling is this: accept
passwordless ssh first, and if that fails, fall back on 2-factor auth
(password + Google Authenticator). I could still get locked out if my
phone/laptop both get stolen, but in that case I can retrieve the ssh private
key from an encrypted locker in the cloud someplace (protected by a different,
memorized passphrase).
You should also encrypt your private key with a passphrase, using 'ssh-keygen
-p'. The ssh-agent allows you to use it repeatedly for the duration of a
session without having to retype the password multiple times.
I often wish sudo had functionality similar to ssh-agent: a way to require a
token established at session start, rather than a password entered every time.
-rich
More information about the Discuss
mailing list