#1 2019-02-24 09:44:30

onecmc
Member
Registered: 2017-05-03
Posts: 10

Minimalistic SSH key unlock at boot

Hello!

I have finally been able to scratch an itch I've had for years: A good solution for unlocking my SSH keys at boot on my minimalistic system that has a TTY login and a window manager and not much else.

My criteria:

* Must use the standard SSH agent
* Must use login password for unlocking
* Must not require swapping out the system authentication mechanism (adding to it is ok)
* Must not be tied to a particular desktop environment
* Must not be tied to a particular password manager
* Must have as few dependencies as possible
* Must be as convenient to use as gnome-keyring-daemon, once it's set up
* Must be as secure as can be at this level of convenience
* Must work with and without an X session

None of the methods in the Arch Wiki fulfilled those requirements. Luckily, I finally found a script by EvanPurkhiser that did almost everything I wanted. It needed very little updating to work with current Arch Linux, and I added a simple but (I hope) reasonably secure mechanism to store the passphrase encrypted.

Now I would like to ask you to see if you can find any obvious (or less obvious) security holes or other issues, and if you find it satisfactory for the purpose. I would love to add it to the wiki as an additional method once it has a little more flight time and feedback, if the community approves.

https://github.com/capocasa/systemd-user-pam-ssh

Carlo Capocasa

Last edited by onecmc (2019-02-24 10:35:34)
