| ▲ | PunchyHamster 2 hours ago | |
well if you have encrypted storage and already need password to get to it, secondary password is of little value Tho I prefer to just use hardware key for ssh | ||
| ▲ | craftkiller an hour ago | parent | next [-] | |
> well if you have encrypted storage and already need password to get to it, secondary password is of little value That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data". > use hardware key for ssh That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure. | ||
| ▲ | rzzzt 2 hours ago | parent | prev [-] | |
ssh-agent will also be happy to provide the key to git after an initial unlock with the passphrase. | ||