Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] deadmanish login?

On 02/10/2017 10:50 PM, John Byrnes wrote:
> You can keep your ssh keys on a PIN protected smartcard and only 
> insert it when you need to log in somewhere. Your keys never leave the 
> card. When the card is unplugged, an attacker has no access at all. I 
> feel like this is better than a password. It also makes it easier to 
> keep the keys synchronized between boxes. 

I agree. Were I needing to manage access to zillions of machines, the 
effort to set up and maintain that would be worth it.

> gpg-agent can allow access to GPG keys on a card with the
> --enable-ssh-support option.
> ===
> --enable-ssh-support
> --enable-putty-support
>      Enable the OpenSSH Agent protocol.
>      In this mode of operation, the agent does not only implement the
>      gpg-agent protocol, but also the agent protocol used by OpenSSH
>      (through a separate socket). Consequently, it should be possible to
>      use the gpg-agent as a drop-in replacement for the well known
>      ssh-agent.
> ===

gpg-agent. Interesting. If SC4 HSM could slide in as the smartcard, that 
would be cool.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /