by cosmic_cheese 181 days ago
I feel a bit skeeved out about the standard practice of just letting keys hang free and loose in ~/.ssh/ as it is already (leveraging e.g. Secure Enclave on Macs is much better IMO), let alone putting them in a place where they're liable to be unintentionally uploaded or freely accessible to anybody who happens to come into possession of my thumb drive.
3 comments

I've moved to storing my keys in my password manager, using it as an SSH agent. It means clicking authorize a bit, but it also means I'm running a command I'm expecting to use a key, then being prompted to authorize (and if it ever prompts unexpectedly I can stop and ask why).

Hardware keys would be better, but I think this is a decent balance of security vs convenience for my needs ATM.

The experience is similar with keys in Secure Enclave. When anything tries to access a key I get a Touch ID prompt, which makes it difficult for anything to use it without my knowledge.

I have the same and I'm very happy with the UX, but less happy about the key leaving the machine.

Use drive encryption, key passphrases and chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
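
Added example, not from any of the comments in this thread: a small Python audit of the two hardening points the comment above recommends, the modes on ~/.ssh and its key files, and whether each private key is actually passphrase-protected. It reads the ciphername field of the openssh-key-v1 header directly (and the Proc-Type header of legacy PEM keys), so it needs no ssh-keygen; the sample key and directory it builds for demo_lax_dir are constructed stand-ins, not usable keys.

```python
import base64, stat, struct, tempfile
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # 15 bytes, starts every openssh-key-v1 blob
def key_is_encrypted(text):
    """True if a private key file is passphrase-protected, False if stored in plaintext."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        # first wire-format string (uint32 length + bytes) after the magic is the ciphername
        cipher = blob[19:19 + int.from_bytes(blob[15:19], "big")]
        return cipher != b"none"  # "none" means the key material is unencrypted
    # legacy PEM keys (BEGIN RSA/EC PRIVATE KEY) flag encryption in a Proc-Type header
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)

def audit_ssh_dir(ssh_dir):
    """Findings: group/other bits on the dir or on key files, and keys with no passphrase."""
    findings = []
    d = Path(ssh_dir)
    dmode = stat.S_IMODE(d.stat().st_mode)
    if dmode & 0o077:
        findings.append(f"{d}: mode {dmode:o}, expected 700")
    for f in sorted(p for p in d.iterdir() if p.is_file()):
        text = f.read_text(errors="replace")
        if "PRIVATE KEY-----" not in text:
            continue  # public keys, config and known_hosts are not secrets
        fmode = stat.S_IMODE(f.stat().st_mode)
        if fmode & 0o077:
            findings.append(f"{f}: mode {fmode:o}, expected 600")
        if not key_is_encrypted(text):
            findings.append(f"{f}: private key has no passphrase")
    return findings

def build_sample_openssh_key(cipher=b"none"):
    # constructed sample: an openssh-key-v1 envelope with only its header fields, not a usable key
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = OPENSSH_MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def demo_lax_dir():
    # throwaway directory holding a world-readable plaintext key; audit should report three findings
    d = Path(tempfile.mkdtemp())
    d.chmod(0o755)
    key = d / "id_ed25519"
    key.write_text(build_sample_openssh_key())
    key.chmod(0o644)
    return audit_ssh_dir(d)
```

Run audit_ssh_dir on a real ~/.ssh to get the same three kinds of findings; an empty list means the directory and every private key in it pass.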

Best is hardware keys like YubiKeys.