by mfontani
2246 days ago
I've (admittedly, conceptual only) a couple of problems with this approach I'd love to hear folks' thoughts about, with regards to "touch-to-use".

1. I still have a need to "for s in $list_of_servers; do ssh -A $s '..'; done". How many times do I have to push the button? Is there a setting that allows that "push to allow" for a short while? Great, if so:

2) when I ssh into a system and touch the button to allow it, and the push allowed the use of the key for a short while, am I not in the same problem as before - as the system may be compromised and may be performing other operations I'm unaware of?

A solution for this would be to have multiple hardware keys for things I manage: one for $work, one for $personal, another for $github, etc. etc. but then managing them and - especially!! - their SSH agent which may be in memory but relies on the hardware being present, with all issues _that_ entails.... becomes a frigging mess.

So I'm torn... between the simplicity of a hardware key with push-to-allow... and actually being able to _use_ it _securely_.
Yes there is. In a newer firmware.
> 2) when I ssh into a system and touch the button to allow it, and the push allowed the use of the key for a short while, am I not in the same problem as before - as the system may be compromised and may be performing other operations I'm unaware of?

Yes, but the window of opportunity for the attacker is smaller. Also: it's your setup that requires multiple key operations within a short time interval; for some people touching every time is sufficient and most secure.