Timeline for Storing the private key password for auto-mounting SSHFS?
Current License: CC BY-SA 3.0
14 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 12, 2014 at 21:34 | comment | added | slm♦ | @Nils - yes a solution to this prob. is something along those lines, IMO, I've been trying to determine the underpinnings of what adds entries to your keyring so that they can be used from boot to boot. That would seem to be along the lines of your idea of putting it in a file, but at least it's in the keyring which can then be locked/unlocked via the screenlocking and such so that it's more secure than simply putting it in a file. | |
| Jan 12, 2014 at 21:24 | comment | added | Nils | @slm so the solution is somewhere along the way to use a pam-module that registers the passphrase during login in the ssh-agent. I once got that working on CentOS using the Ubuntu guideline for KDE. There I replaced the KDE-login-prompt with a passphrase-prompt. But now it does not work any more - that was the background of my question here. | |
| Jan 12, 2014 at 21:15 | comment | added | slm♦ | @Nils - point taken I mis-stated that comment. You'd get security of the certs in the connection, but the use of those keys would be wide open to anyone that had access to them physically on disk. | |
| Jan 12, 2014 at 21:12 | comment | added | Nils | @slm it defeats the purpose of having a passphrase - not of having keys. | |
| Jan 12, 2014 at 8:01 | comment | added | slm♦ | @Nils - I don't think you want to do that. That defeats the purpose of having keys in the first place. | |
| Jan 11, 2014 at 21:27 | comment | added | Nils | Is there a way to invoke ssh-add in a way so that the passphrase can be put in a file? | |
| Jan 11, 2014 at 20:52 | comment | added | slm♦ | @Patrick - understood, but on this site anyway we generally strive to give more than just an answer, we like to provide background info when we can so that things are also understood for both the OP & future visitors to the site. I've read enough garbage answers on SO with 50 UV for just a link, I think we can hold ourselves to a higher standard here. | |
| Jan 11, 2014 at 20:49 | comment | added | phemmer | @slm except it isn't necessarily the goal of stackexchange to provide a howto guide as an answer. It's to provide an answer of how something could be done. If the user runs into an issue trying to accomplish the goal, they can ask another question on the specific issue. | |
| Jan 11, 2014 at 20:48 | comment | added | slm♦ | @Patrick - that's the biggest issue with this/these types of Q's, they're very distro specific, I'd like to see us develop a more general purpose A to these questions so that we can refer to it. He tagged the Q as mate, but as you've indicated you can mix and match using gnome-keyring-daemon which compounds the confusion/complexity. | |
| Jan 11, 2014 at 20:47 | comment | added | phemmer | @slm From my experience, on Ubuntu & Gentoo, if gnome-keyring-daemon is installed, the pam module is installed and configured. But it's entirely up to the distro/package. | |
| Jan 11, 2014 at 20:45 | comment | added | slm♦ | @Patrick - do you know off hand if that is out of the box wrt the pam mod or do you have to set that up custom? | |
| Jan 11, 2014 at 20:41 | comment | added | phemmer | I would recommend something like gnome-keyring-daemon over mate-keyring. gnome-keyring-daemon is a very common utility, often installed and running by default. It even provides a pam module to unlock the keyring using the login password. | |
| Jan 11, 2014 at 19:59 | history | edited | michas | CC BY-SA 3.0 | added 62 characters in body |
| Jan 11, 2014 at 19:53 | history | answered | michas | CC BY-SA 3.0 |