hi, On Mon, Mar 07, 2005 at 09:52:31PM -0800, Steve Langasek wrote: > > i have a usb/hotplug/ssh-add script that loads an ssh key off of a usb > > stick, and removes it when the usb stick is removed. if you're > > interested i can send you a copy off-list. > > Any reason not to post it on-list? I was hoping to improve the > security/usability of my own setup based on the best practices offered up in > reply to this thread. well, me wanting to do things the "right way" it ended up being a pretty long script and i didn't think the list would appreciate random shell scripts flying around. but, i'll go ahead and put it online: http://www.seanius.net/linux/keyloader/usb-storage how it works: - plop the script in /etc/hotplug/usb/ - copy your public/private keys onto a usb disk, list them in ~/.keyloader (KEYS="key1 key2", read script comments for more info) - plug in the usb disk - ssh-add xterm (or ssh-askpass if you have it installed) pops up if it needs a passphrase, and your key is loaded - remove the disk - key is unloaded. i think the approach i take is fairly sound securitywise, but i'd appreciate someone else taking a look at it. also, i'm not sure whether it still works on 2.4 kernels, i haven't had a 2.4 machine to test on in a while. sean --
Attachment:
signature.asc
Description: Digital signature