Home Forums FineTunedMac Community Lounge SSH security

I don't have filevault and really don't want to go with that. My MBP isn't set to auto login. So if my MBP gets stolen, they won't have my keychain, so that's most of my electronic passwords at least somewhat protected. My main password list is in an encrypted disk image whose password is in my keychain, so that has the same level of protection.

BUT, I recently got to thinking. What if my laptop is stolen, what about all the places I ssh to? There's nothing protecting ~/.ssh/id_dsa, and I have numerous ssh shortcuts in /usr/local/bin/. So someone that takes my laptop could freely ssh to those places.

I know I can establish a password for my private key, but again for convenience I don't want to do that. (besides being inconvenient, I use ssh/ssl in cron jobs frequently, that require no passphrase in the key) I also don't want to have to keep an encrypted dmg mounted.

So are there any other options? Any way to make ssh/ssl get the key from the keychain? or some other idea?

well I think I will just have to lump it for now. I've set up my passwords dmg to mount at login and stay mounted, and symlinked from ~/.ssh/id_dsa to the disk image, which will make those keys secure when I am logged out. (and I just realized, will also secure them on my backups)

I'm still looking for a better idea if anyone has one.

I can't help you, sorry, but I'll keep an eye out.