[nycbug-talk] Reducing password fatigue on OpenBSD (or any BSD)
Eric Radman
ericshane at eradman.com
Sat Nov 9 20:41:27 EST 2013
This week I moved /home to a softraid(4) crypto device on my laptop so
that I would no longer need to spend time worrying about about the
consequences of it being lost or stolen. Works great; I just have to
"unlock" the volume on boot
Passphrase: ****************
And log in
login: myself
Password: ****************
And activate my SSH keypairs
$ eval `ssh-agent`
$ ssh-add
Enter passphrase for /home/myself/.ssh/id_XXX: ****************
And I haven't even typed kinit yet.
Are there any well-respected practices for keying off of data stored on
a USB stick? How might one collapse two of these steps in a reasonably
secure way?
Thought it would be worth asking before I wander off and invent a flawed
or brittle shortcut!
--
Eric Radman
More information about the talk
mailing list