by javagram 2541 days ago
The private keys in .ssh can be stored encrypted. I do that, and store the decryption key in macOS keychain.
1 comments

Can you share how to achieve this?
On Linux, I use ssh-agent. My key at ~/.ssh/id_rsa is encrypted.

When my shell starts, it boots ssh-agent (add "eval `ssh-agent`" to your ~/.bashrc)

Still in the shell boot, it tries to add the ssh key to the keychain (add "ssh-add" to your ~/.bashrc), and it asks for my private key password. Once I enter the password, my key is unlocked for as long as ssh-agent is running (usually until I shut down my computer).

My password is long; I only need to enter it once a day, so it's not really a problem. You can add multiple keys to the ssh-agent (ssh-add mykey.pem). The private key must have these permissions: 0400 (chmod 0400 mykey.pem).
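An added example, not part of the comment above: a ~/.bashrc helper for the same ssh-agent setup that reuses one agent across shells, refuses keys that are not mode 0400 or not passphrase-protected, and caps how long the unlocked key stays in the agent. The function names, the `AGENT_ENV` path and the 8-hour lifetime are assumptions.

```shell
# Added example. Source this from ~/.bashrc, then call:
#   start_agent_once ~/.ssh/id_rsa
# AGENT_ENV (assumed path) caches the agent's socket/PID for later shells.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# True only for a regular file whose mode is exactly 0400.
key_mode_ok() {
    [ -f "$1" ] && [ -n "$(find "$1" -type f -perm 0400 2>/dev/null)" ]
}

# True if the private key loads with an empty passphrase,
# i.e. it is stored on disk unencrypted.
key_is_unencrypted() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# ssh-add -l exits 2 when no agent can be contacted
# (0 = keys loaded, 1 = agent running but empty).
agent_reachable() {
    ssh-add -l >/dev/null 2>&1
    [ $? -ne 2 ]
}

start_agent_once() {
    key="$1"
    if ! key_mode_ok "$key"; then
        echo "refusing $key: expected a regular file with mode 0400" >&2
        return 1
    fi
    if key_is_unencrypted "$key"; then
        echo "refusing $key: private key has no passphrase" >&2
        return 1
    fi
    # Reuse an agent started by an earlier shell instead of spawning one per shell.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if ! agent_reachable; then
        (umask 077; ssh-agent -s > "$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
    fi
    # Prompt for the passphrase only when the agent holds no keys yet;
    # -t 8h (assumed value) makes the agent drop the key after 8 hours.
    ssh-add -l >/dev/null 2>&1 || ssh-add -t 8h "$key"
}
```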

I can already see the headline "ssh-agent desktop application stores private keys in plain text".

There is no solution to the problem of the author beyond demanding a password on every single interaction.