BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] deadmanish login?
- Subject: [Discuss] deadmanish login?
- From: john at johnbyrnes.info (john at johnbyrnes.info)
- Date: Sat, 11 Feb 2017 14:33:37 -0500
- In-reply-to: <623e10c5-15e1-54ae-2c4d-88dc76c88dea@borg.org>
- References: <a47bda52-ca1f-15ab-2f57-3ab5d1519a48@borg.org> <ecfa4f25-9416-ddcc-d92f-7979136fdf96@borg.org> <837eb7de-a956-c4bb-63f4-e1bcfa0e3861@gmail.com> <37fde12c-5572-a9e2-0525-fb37a8400691@borg.org> <5560cbeb-9a49-b959-c28a-44a3f0145d0f@gmail.com> <b261f072-dd42-b3e1-119e-3a380444a4dc@borg.org> <CA+h9Qs59TDWE22RJ561vrLs4J6JmNN9W6Tqg=9mPGTUy4E4KLQ@mail.gmail.com> <01da354a-066d-2c10-1e10-5780569627e5@borg.org> <d08d1f8f-e3ae-2e34-425e-83edf083780e@gmail.com> <6eb9dd4a-2c91-69e5-7ef8-4462f8daf42a@borg.org> <20170211035035.kuifsumrb7uvxht4@xps13> <623e10c5-15e1-54ae-2c4d-88dc76c88dea@borg.org>
> On Feb 11, 2017, at 12:45, Kent Borg <kentborg at borg.org> wrote: > >> On 02/10/2017 10:50 PM, John Byrnes wrote: >> You can keep your ssh keys on a PIN protected smartcard and only insert it when you need to log in somewhere. Your keys never leave the card. When the card is unplugged, an attacker has no access at all. I feel like this is better than a password. It also makes it easier to keep the keys synchronized between boxes. > > I agree. Were I needing to manage access to zillions of machines, the effort to set up and maintain that would be worth it. > I only access one or two machines, but I do it from a few different workstations. >> gpg-agent can allow access to GPG keys on a card with the >> --enable-ssh-support option. >> >> === >> --enable-ssh-support >> --enable-putty-support >> >> Enable the OpenSSH Agent protocol. >> >> In this mode of operation, the agent does not only implement the >> gpg-agent protocol, but also the agent protocol used by OpenSSH >> (through a separate socket). Consequently, it should be possible to >> use the gpg-agent as a drop-in replacement for the well known >> ssh-agent. >> === > > gpg-agent. Interesting. If SC4 HSM could slide in as the smartcard, that would be cool. > I don't know if the SC4 will do that, but the NitroKey and GNUk will. http://www.fsij.org/doc-gnuk/ > Thanks, Anytime! JB
- References:
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: jabr at blu.org (John Abreau)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- From: john at johnbyrnes.info (John Byrnes)
- [Discuss] deadmanish login?
- From: kentborg at borg.org (Kent Borg)
- [Discuss] deadmanish login?
- Prev by Date: [Discuss] deadmanish login?
- Next by Date: [Discuss] Torrent of new spam
- Previous by thread: [Discuss] deadmanish login?
- Next by thread: [Discuss] deadmanish login?
- Index(es):
