by 3np 1239 days ago
Indeed. You can even break out the ssh-agent in an offline VM, proxy your ssh auth socket(s) from the agent, and have it prompt for approval that persists with a configurable timeout.

QubesOS calls this "split ssh" and you can use the same pattern with pgp.

There's also this which I don't see mentioned much: https://manpages.debian.org/unstable/ssh-agent-filter/ssh-ag...
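
The approval-with-timeout pattern described in the comment above, sketched as an added example (not code from the comment, QubesOS, or ssh-agent-filter): a filter that sits between the forwarded socket and the real agent, lets key listing through, prompts on sign requests, and refuses everything else. `ApprovalGate`, `relay`, `sign_frame` and the `ask` callback are hypothetical names; socket plumbing is assumed to happen elsewhere.

```python
import struct
import time

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENTC_SIGN_REQUEST = 13
FAILURE_FRAME = struct.pack(">IB", 1, SSH_AGENT_FAILURE)

class ApprovalGate:
    """Decides whether one framed client request may reach the real agent."""
    def __init__(self, ask, timeout_s, clock=time.monotonic):
        self.ask = ask                # hypothetical callback(key_blob) -> bool, e.g. a GUI prompt
        self.timeout_s = timeout_s    # how long one approval stays valid
        self.clock = clock
        self.approved_until = {}      # key blob -> expiry on self.clock

    def allow(self, frame):
        # Frame layout: uint32 length, byte type, then the type-specific body.
        if len(frame) < 5 or struct.unpack(">I", frame[:4])[0] != len(frame) - 4:
            return False
        msg_type, body = frame[4], frame[5:]
        if msg_type == SSH_AGENTC_REQUEST_IDENTITIES:
            return True               # listing public keys needs no prompt
        if msg_type != SSH_AGENTC_SIGN_REQUEST or len(body) < 4:
            return False              # add/remove/lock never cross the boundary
        (key_len,) = struct.unpack(">I", body[:4])
        if len(body) < 4 + key_len:
            return False              # truncated key blob
        key = bytes(body[4:4 + key_len])
        now = self.clock()
        if self.approved_until.get(key, 0) > now:
            return True               # earlier approval still within its timeout
        if self.ask(key):
            self.approved_until[key] = now + self.timeout_s
            return True
        return False

def relay(gate, frame, forward):
    """Pass an allowed frame to forward(); answer anything else with FAILURE."""
    return forward(frame) if gate.allow(frame) else FAILURE_FRAME

def sign_frame(key_blob, data):
    """Constructed sample: a SIGN_REQUEST frame (key, data, flags=0)."""
    body = bytes([SSH_AGENTC_SIGN_REQUEST])
    body += struct.pack(">I", len(key_blob)) + key_blob
    body += struct.pack(">I", len(data)) + data + struct.pack(">I", 0)
    return struct.pack(">I", len(body)) + body
```

Approvals are cached per key blob, so a second key on the same agent still triggers its own prompt.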