Using two agents
Damien Miller
djm at mindrot.org
Mon Jun 1 11:38:04 AEST 2015
On Sun, 31 May 2015, Ángel González wrote:
> When you want unattended running over ssh even across reboots,
> there's little option than having unprotected keys.
PKCS#11 token (e.g. a TPM) without a PIN. An attacker might be able to
steal use of the key, but they can't steal the key itself.
Otherwise, a hardware-free solution is to have an init script start an
ssh-agent at boot set to listen on a known socket, add keys to it and
then remove the keys from the filesystem.
-d
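As an added example that is not part of Damien's message or of OpenSSH itself, the init-script approach he describes, in POSIX shell: start ssh-agent bound to a known socket, load the private keys into it, then overwrite and unlink the on-disk copies. AGENT_SOCK and KEY_DIR are placeholder paths chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread: boot-time ssh-agent on a fixed socket.
# AGENT_SOCK and KEY_DIR are placeholder paths; adapt them to the host.
AGENT_SOCK="${AGENT_SOCK:-/run/deploy-agent/ssh-agent.sock}"
KEY_DIR="${KEY_DIR:-/etc/deploy-keys}"

start_agent() {
    # -a binds the agent to a known path instead of a random one under /tmp,
    # so later jobs can find it via SSH_AUTH_SOCK without a login session.
    sock_dir=$(dirname "$AGENT_SOCK")
    mkdir -p "$sock_dir"
    # Only the owning user may traverse the directory: anyone who can reach
    # the socket can use every loaded key, even though they cannot read it.
    chmod 0700 "$sock_dir"
    rm -f "$AGENT_SOCK"
    # -s prints Bourne-style assignments; eval them to pick up SSH_AGENT_PID
    # so the init system can track and stop the daemon.
    eval "$(ssh-agent -s -a "$AGENT_SOCK")" >/dev/null
    export SSH_AUTH_SOCK="$AGENT_SOCK"
}

load_and_remove_keys() {
    # Add every private key in KEY_DIR to the agent, then destroy the file.
    # Prints the number of keys successfully loaded.
    count=0
    for key in "$KEY_DIR"/*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac   # public halves can stay
        if ssh-add "$key" 2>/dev/null; then
            count=$((count + 1))
        fi
        # Overwrite before unlinking where shred exists; plain rm otherwise.
        shred -u "$key" 2>/dev/null || rm -f "$key"
    done
    echo "$count"
}

agent_key_count() {
    # Identities the agent now holds; 0 if empty or unreachable.
    # Each listing line carries a "SHA256:" fingerprint, hence the colon.
    SSH_AUTH_SOCK="$AGENT_SOCK" ssh-add -l 2>/dev/null | grep -c ':' || true
}
```

The key material still lives in the agent's memory, so a root-level compromise of the host can recover it; the gain over an on-disk key is that an attacker with only filesystem read access gets nothing, and socket access grants use of the key rather than a copy.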