An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#24440 - 12/15/12 11:06 AM SSH security
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
I don't have filevault and really don't want to go with that. My MBP isn't set to auto login. So if my MBP gets stolen, they won't have my keychain, so that's most of my electronic passwords at least somewhat protected. My main password list is in an encrypted disk image whose password is in my keychain, so that has the same level of protection.

BUT, I recently got to thinking. What if my laptop is stolen, what about all the places I ssh to? There's nothing protecting ~/.ssh/id_dsa, and I have numerous ssh shortcuts in /usr/local/bin/. So someone that takes my laptop could freely ssh to those places.

I know I can establish a password for my private key, but again for convenience I don't want to do that. (besides being inconvenient, I use ssh/ssl in cron jobs frequently, that require no passphrase in the key) I also don't want to have to keep an encrypted dmg mounted.

So are there any other options? Any way to make ssh/ssl get the key from the keychain? or some other idea?
_________________________
I work for the Department of Redundancy Department

Top
#24444 - 12/17/12 09:19 AM Re: SSH security [Re: Virtual1]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
well I think I will just have to lump it for now. I've set up my passwords dmg to mount at login and stay mounted, and symlinked from ~/.ssh/id_dsa to the disk image, which will make those keys secure when I am logged out. (and I just realized, will also secure them on my backups)

I'm still looking for a better idea if anyone has one.
_________________________
I work for the Department of Redundancy Department

Top
#24445 - 12/17/12 09:27 AM Re: SSH security [Re: Virtual1]
alternaut Offline

Moderator

Registered: 08/04/09
I can't help you, sorry, but I'll keep an eye out.
_________________________
alternaut moderator

Top

Moderator:  alternaut, cyn