by dijit
1236 days ago
This is how it has been, there are ways around this though: 1) use a PGP-derived key, this means that anything authenticating will hit your gpg agent and only that, nothing is using that key then; 2) load your key and then remove it, which I’ve done before using a LUKS encrypted partition (then load the key into ssh-agent, then remove the volume); 3) storing your keys in the secure enclave on Apple computers. A little bit onerous if you use an external keyboard without Touch ID though. I have a program on my computer that watches for read events in that folder to see if anything actually tries to read an access key. I can publish the source if you want. It uses inotify in Linux.
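A minimal sketch of the kind of inotify watcher the comment describes, added here as an illustration; it is not the commenter's program. The function names `watch_key_dir` and `drain_read_events` are hypothetical, and the directory to watch is passed as the first argument.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Start watching dir for file opens and reads; returns the inotify fd or -1. */
int watch_key_dir(const char *dir) {
    int fd = inotify_init1(IN_NONBLOCK);
    if (fd < 0) return -1;
    if (inotify_add_watch(fd, dir, IN_OPEN | IN_ACCESS) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Drain queued events, log each one, return how many hit a file in the dir.
 * inotify reports which file was touched, not which process touched it. */
int drain_read_events(int fd) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int hits = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        for (char *p = buf; p < buf + n; ) {
            const struct inotify_event *ev = (const struct inotify_event *)p;
            /* len > 0 means the event names an entry inside the watched dir */
            if (ev->len > 0 && !(ev->mask & IN_ISDIR)) {
                printf("%s %s\n", (ev->mask & IN_ACCESS) ? "READ" : "OPEN", ev->name);
                hits++;
            }
            p += sizeof *ev + ev->len;   /* events are variable length */
        }
    }
    return hits;   /* read() returned EAGAIN: queue is empty */
}

int main(int argc, char **argv) {
    int fd = watch_key_dir(argc > 1 ? argv[1] : ".");
    if (fd < 0) { perror("inotify"); return 1; }
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    while (poll(&pfd, 1, -1) > 0)   /* block until something touches the dir */
        drain_read_events(fd);
    return 0;
}
```

inotify does not report accesses made through `mmap`, so this catches ordinary `read` calls only.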