[nycbug-talk] Reducing password fatigue on OpenBSD (or any BSD)

Eric Radman ericshane at eradman.com
Sat Nov 9 20:41:27 EST 2013


This week I moved /home to a softraid(4) crypto device on my laptop so
that I would no longer need to spend time worrying about about the
consequences of it being lost or stolen. Works great; I just have to
"unlock" the volume on boot

Passphrase: ****************

And log in

login: myself
Password: ****************

And activate my SSH keypairs

$ eval `ssh-agent`
$ ssh-add
Enter passphrase for /home/myself/.ssh/id_XXX: ****************

And I haven't even typed kinit yet.

Are there any well-respected practices for keying off of data stored on
a USB stick? How might one collapse two of these steps in a reasonably
secure way?

Thought it would be worth asking before I wander off and invent a flawed
or brittle shortcut!

-- 
Eric Radman



More information about the talk mailing list