SSH security - 12/15/12 07:06 PM
I don't have filevault and really don't want to go with that. My MBP isn't set to auto login. So if my MBP gets stolen, they won't have my keychain, so that's most of my electronic passwords at least somewhat protected. My main password list is in an encrypted disk image whose password is in my keychain, so that has the same level of protection.
BUT, I recently got to thinking. What if my laptop is stolen, what about all the places I ssh to? There's nothing protecting ~/.ssh/id_dsa, and I have numerous ssh shortcuts in /usr/local/bin/. So someone that takes my laptop could freely ssh to those places.
I know I can establish a password for my private key, but again for convenience I don't want to do that. (besides being inconvenient, I use ssh/ssl in cron jobs frequently, that require no passphrase in the key) I also don't want to have to keep an encrypted dmg mounted.
So are there any other options? Any way to make ssh/ssl get the key from the keychain? or some other idea?
BUT, I recently got to thinking. What if my laptop is stolen, what about all the places I ssh to? There's nothing protecting ~/.ssh/id_dsa, and I have numerous ssh shortcuts in /usr/local/bin/. So someone that takes my laptop could freely ssh to those places.
I know I can establish a password for my private key, but again for convenience I don't want to do that. (besides being inconvenient, I use ssh/ssl in cron jobs frequently, that require no passphrase in the key) I also don't want to have to keep an encrypted dmg mounted.
So are there any other options? Any way to make ssh/ssl get the key from the keychain? or some other idea?