top | item 47100709

(no title)

OrderlyTiamat | 8 days ago

> (And why would you have a password for a ssh key on your personal machine?)

You're presumably joking? If not, could you elaborate?

discuss

PunchyHamster|8 days ago

well if you have encrypted storage and already need password to get to it, secondary password is of little value

Tho I prefer to just use hardware key for ssh

craftkiller|8 days ago

> well if you have encrypted storage and already need password to get to it, secondary password is of little value

That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data".

> use hardware key for ssh

That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.

rzzzt|8 days ago

ssh-agent will also be happy to provide the key to git after an initial unlock with the passphrase.

fastasucan|8 days ago

>well if you have encrypted storage and already need password to get to it, secondary password is of little value

This is not true at all though. What about when you are logged into your computer.