Hello!
I have finally been able to scratch an itch I've had for years: a good solution for unlocking my SSH keys at boot on my minimalistic system that has a TTY login and a window manager and not much else.
My criteria:
* Must use the standard SSH agent
* Must use login password for unlocking
* Must not require swapping out the system authentication mechanism (adding to it is ok)
* Must not be tied to a particular desktop environment
* Must not be tied to a particular password manager
* Must have as few dependencies as possible
* Must be as convenient to use as gnome-keyring-daemon, once it's set up
* Must be as secure as can be at this level of convenience
* Must work with and without an X session
None of the methods in the Arch Wiki fulfilled those requirements. Luckily I finally found a script by EvanPurkhiser that did almost everything I wanted. It needed very little updating to work with current Arch Linux, and I added a simple but (I hope) reasonably secure mechanism to store the passphrase encrypted.
Now I would like to ask you to see if you can find any obvious (or less obvious) security holes or other issues, and if you find it satisfactory for the purpose. I would love to add it to the wiki as an additional method once it has a little more flight time and feedback, if the community approves.
https://github.com/capocasa/systemd-user-pam-ssh
Carlo Capocasa
Last edited by onecmc (2019-02-24 10:35:34)