Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] deadmanish login?



On 02/10/2017 10:50 PM, John Byrnes wrote:
> You can keep your ssh keys on a PIN protected smartcard and only 
> insert it when you need to log in somewhere. Your keys never leave the 
> card. When the card is unplugged, an attacker has no access at all. I 
> feel like this is better than a password. It also makes it easier to 
> keep the keys synchronized between boxes. 

I agree. Were I needing to manage access to zillions of machines, the 
effort to set up and maintain that would be worth it.

> gpg-agent can allow access to GPG keys on a card with the
> --enable-ssh-support option.
>
> ===
> --enable-ssh-support
> --enable-putty-support
>
>      Enable the OpenSSH Agent protocol.
>
>      In this mode of operation, the agent does not only implement the
>      gpg-agent protocol, but also the agent protocol used by OpenSSH
>      (through a separate socket). Consequently, it should be possible to
>      use the gpg-agent as a drop-in replacement for the well known
>      ssh-agent.
> ===

gpg-agent. Interesting. If SC4 HSM could slide in as the smartcard, that 
would be cool.

Thanks,

-kb
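The quoted gpg-agent man page text describes the option but not the plumbing around it. The script below is an added example (not from either poster and not from the GnuPG project) showing the minimal setup: write `enable-ssh-support` into `gpg-agent.conf` under a `GNUPGHOME` you choose, then point `SSH_AUTH_SOCK` at the agent's OpenSSH socket so `ssh` talks to gpg-agent instead of ssh-agent. The `default-cache-ttl-ssh` value and the fallback socket path are assumptions; `gpgconf --list-dirs agent-ssh-socket` is the supported way to find the socket on GnuPG 2.1.13 and later.

```shell
#!/bin/sh
# Added example: route OpenSSH through gpg-agent (enable-ssh-support).
# GNUPGHOME is expected to be set by the caller; using a scratch directory
# keeps this from touching a real keyring while trying it out.

# Append the two relevant settings to gpg-agent.conf in the directory $1.
# Idempotent: running it twice does not duplicate lines. Prints the conf path.
write_agent_conf() {
    conf_dir="$1"
    mkdir -p "$conf_dir" && chmod 700 "$conf_dir"
    conf="$conf_dir/gpg-agent.conf"
    touch "$conf"
    # Turn on the OpenSSH agent protocol on a separate socket.
    grep -qx 'enable-ssh-support' "$conf" || printf 'enable-ssh-support\n' >> "$conf"
    # How long (seconds) a cached card PIN stays usable for ssh; 300 is an
    # assumed value, shorten it if the card is unplugged and replugged often.
    grep -q '^default-cache-ttl-ssh' "$conf" || printf 'default-cache-ttl-ssh 300\n' >> "$conf"
    printf '%s\n' "$conf"
}

# Print the path of gpg-agent's OpenSSH socket. Prefers gpgconf (which knows
# about /run/user relocation); otherwise falls back to the documented default
# name under GNUPGHOME (assumed layout).
agent_ssh_socket() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --list-dirs agent-ssh-socket
    else
        printf '%s/S.gpg-agent.ssh\n' "${GNUPGHOME:-$HOME/.gnupg}"
    fi
}

# Print the shell lines to source so ssh uses gpg-agent. SSH_AGENT_PID is
# unset because a leftover ssh-agent variable confuses some tooling.
ssh_agent_env() {
    printf 'unset SSH_AGENT_PID\n'
    printf 'export SSH_AUTH_SOCK=%s\n' "$(agent_ssh_socket)"
}

# Return 0 if the agent is up and its ssh socket exists, 1 otherwise.
# Requires a running gpg-agent; only meaningful on a real host.
check_agent_socket() {
    sock=$(agent_ssh_socket)
    [ -S "$sock" ]
}

if [ "${1:-}" = "--setup" ]; then
    # Typical interactive use on a workstation (GNUPGHOME defaults to ~/.gnupg):
    write_agent_conf "${GNUPGHOME:-$HOME/.gnupg}"
    gpg-connect-agent reloadagent /bye >/dev/null
    ssh_agent_env
    # After eval'ing the printed lines and inserting the card,
    # `ssh-add -L` lists the card's authentication key.
fi
```

Usage: `GNUPGHOME=$(mktemp -d) sh ./gpg-ssh-agent.sh --setup` to try it against a scratch home, or `eval "$(./gpg-ssh-agent.sh --setup)"` in a login shell. Once `SSH_AUTH_SOCK` points at the gpg-agent socket, removing the card leaves `ssh-add -L` empty, which is the property the first post is after.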






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org