homebrewer 8 hours ago
Or use a FIDO token to protect your SSH key, which becomes useless without the hardware token. https://wiki.archlinux.org/title/SSH_keys#FIDO/U2F

That's what I do. For those of us too lazy to read the article, tl;dr:

or, if your FIDO token doesn't support Edwards curves:

tap the token when ssh asks for it, done.

Use the ssh key as usual. OpenSSH will ask you to tap the token every time you use it: silent git pushes without you confirming it by tapping the token become impossible. Extracting the key from your machine does nothing — it's useless without the hardware token.
NylonMeltdown 2 hours ago | parent
Except that an attacker can modify the ssh config to enable session multiplexing with a long timeout and then piggy-back off that connection, right?
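As an added example (not part of either comment above), a defender-side audit for the setting the reply raises: it scans `ssh_config` text for blocks that turn on `ControlMaster` together with a long or indefinite `ControlPersist`. The sample config, the 600-second threshold and the function names are assumptions; each block is evaluated on its own, and `Include` files are not followed.

```python
import re

# Constructed sample config for illustration (not taken from the thread).
SAMPLE = """\
Host github.com
    IdentityFile ~/.ssh/id_ed25519_sk

Host *
    ControlMaster auto
    ControlPath ~/.ssh/cm-%C
    ControlPersist 8h
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def persist_seconds(value):
    """ControlPersist as seconds; None = master exits, inf = stays indefinitely."""
    v = value.lower()
    if v in ("no", "false"):
        return None
    if v in ("yes", "true"):
        return float("inf")
    parts = re.findall(r"(\d+)([smhdw]?)", v)
    if not parts or "".join(n + u for n, u in parts) != v:
        raise ValueError(f"unparseable ControlPersist: {value!r}")
    total = sum(int(n) * UNITS[u] for n, u in parts)
    return total or float("inf")  # a zero timeout means no idle limit

def audit(text, max_persist=600):
    """Return (scope, ControlMaster, seconds) for blocks persisting too long."""
    blocks, current = [], {"scope": "(global)", "opts": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = re.sub(r"\s*=\s*|\s+", " ", line, count=1).partition(" ")
        key, val = key.lower(), val.strip().strip('"')
        if key in ("host", "match"):
            blocks.append(current)
            current = {"scope": f"{key} {val}", "opts": {}}
        else:
            current["opts"].setdefault(key, val)  # first value wins, as in ssh
    blocks.append(current)
    findings = []
    for b in blocks:
        master = b["opts"].get("controlmaster", "no").lower()
        persist = persist_seconds(b["opts"].get("controlpersist", "no"))
        if master in ("yes", "auto", "ask", "autoask") and persist and persist > max_persist:
            findings.append((b["scope"], master, persist))
    return findings
```

`ssh -G <host>` prints the effective options OpenSSH would apply for a given host, which covers `Include` files and cross-block merging that this per-block check does not.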