craftkiller 3 hours ago
> well if you have encrypted storage and already need password to get to it, secondary password is of little value

That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data".

> use hardware key for ssh

That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.
bubblewand an hour ago
> That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.

At work, every place big enough to maybe care about this was so “enterprisey” and “cloudy” that I almost never use/used ssh anyway, even with tons of Linux systems all over the place. Pretty much only to talk to GitHub.

I lose stuff all the time. The idea of these things gives me anxiety. The first time I lost 15 minutes figuring out where I put my hardware key, before I could ssh in to do 20 seconds of running commands, I’d back out of the whole project and return to using a file on disk, guaranteed.

Files on disk are free, hardware keys cost money.

25 years as a backend-heavy programmer, sysadmin, and devops-sort (sometimes all at once, lol). I’ve still never even touched one of these devices, and have only rarely seen one.