Re: Key management using a USB key


On Mon, Mar 07, 2005 at 09:52:31PM -0800, Steve Langasek wrote:
> > i have a usb/hotplug/ssh-add script that loads an ssh key off of a usb
> > stick, and removes it when the usb stick is removed.  if you're
> > interested i can send you a copy off-list.
> Any reason not to post it on-list?  I was hoping to improve the
> security/usability of my own setup based on the best practices offered up in
> reply to this thread.

well, me wanting to do things the "right way" it ended up being a pretty
long script and i didn't think the list would appreciate random shell
scripts flying around.  but, i'll go ahead and put it online:


how it works:

- plop the script in /etc/hotplug/usb/
- copy your public/private keys onto a usb disk, list them in
  ~/.keyloader (KEYS="key1 key2", read script comments for more info)
- plug in the usb disk
- ssh-add xterm (or ssh-askpass if you have it installed) pops up if it
  needs a passphrase, and your key is loaded
- remove the disk
- key is unloaded.

i think the approach i take is fairly sound securitywise, but i'd
appreciate someone else taking a look at it.  

also, i'm not sure whether it still works on 2.4 kernels, i haven't had
a 2.4 machine to test on in a while.



Attachment: signature.asc
Description: Digital signature
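
The steps in the message above, sketched as an added example; this is not the author's script, which is not reproduced on this page. It assumes `~/.keyloader` holds a single `KEYS="key1 key2"` line as described, and the function names, `/mnt/usbkey` and the directory of cached `.pub` files are hypothetical.

```shell
#!/bin/sh
# Added example, not the script from the message. Hotplug agents run as root,
# so the user's ~/.keyloader is parsed as text, never sourced or eval'd.

# Print one validated key name per line; return 1 if any name is rejected.
keyloader_keys() {
    conf=$1
    # Take the last KEYS="..." line; nothing in the file is executed.
    line=$(sed -n 's/^KEYS="\([^"]*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    rc=0
    set -f                      # no glob expansion while splitting on spaces
    for name in $line; do
        # Reject a leading "-" (would read as an option), a leading ".",
        # any "/" (path component) and any byte outside the allowed set.
        case $name in
            -*|.*|*/*|*[!A-Za-z0-9._-]*)
                echo "rejected key name: $name" >&2; rc=1 ;;
            *)  printf '%s\n' "$name" ;;
        esac
    done
    set +f
    return $rc
}

# Print the ssh-add command line for each key instead of running it.
#   add    DIR = mount point of the stick (hypothetical path)
#   remove DIR = directory holding copies of the .pub files (assumption: the
#                stick is already gone, and ssh-add -d needs the public key)
keyloader_plan() {
    action=$1; dir=$2; conf=$3
    names=$(keyloader_keys "$conf") || return 1   # refuse a partly bad list
    for name in $names; do
        case $action in
            add)    printf 'ssh-add %s/%s\n' "$dir" "$name" ;;
            remove) printf 'ssh-add -d %s/%s.pub\n' "$dir" "$name" ;;
        esac
    done
}

# Constructed sample config, for demonstration only.
demo=$(mktemp)
printf '%s\n' '# keys on the stick' 'KEYS="id_rsa work_dsa"' > "$demo"
keyloader_plan add /mnt/usbkey "$demo"
rm -f "$demo"
```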