Extra security measures with SSH

From BNL Physics Computing

There are some additional measures one can take to improve the security of SSH.

[edit]

Delete keys when inactive

Following this page one can setup the screen saver to delete any keys stored in the agent when the screen saver turns on. When stopping the screen saver "ssh-add" is called to re-add any keys.

[edit]

Authorizing every key access

You can add your keys to your agent such that any attempt to access them requires a manual acceptance. This is done like: 

ssh-add -c

From then on, when you (or someone who has managed to hijack the agent) tries to access the key your agent will pop up a window asking for permission to access the key.

[edit]

Use Smart Cards to hold your crypto

There are (at least) two ways to put your keys on smart cards:

If interested, contact me.

Retrieved from "http://www.phy.bnl.gov/computing/index.php/Extra_security_measures_with_SSH"