INTL 3:770/1 3:770/3   
   REPLYADDR a24061@ducksburg.com   
   REPLYTO 3:770/3.0 UUCP   
   MSGID: 792f6dc3   
   REPLY: 8a6650b2   
   PID: SoupGate-Win32 v1.05   
   On 2024-02-01, Theo wrote:   
      
   > Chris Green wrote:   
      
   >> Not true, you're advocating separate keys for each remote and not   
   >> keeping thenm in an agent so login isn't 'passwordless' or automatic.   
   >   
   > I wasn't advocating that. The agent's purpose is so you only have to type   
   > the passphrase once per session - if that makes keys easier to use and maybe   
   > helps you have a stronger passphrase (since you don't need to type it so   
   > often), then why not?   
   >   
   > There may be some threat models where you don't want your machine holding   
   > unlocked keys in RAM, in which case fair enough and you need to type the   
   > passphrase each time, but for many use cases ssh-agent (and its integration   
   > into things like KDE KWallet or MacOS keychain) is fine.   
      
   You can use `ssh-add -D` to delete all keys from the agent or `ssh-add   
   -t 1h` (for example) to limit the keys' life in the agent to 1 hour.   
      
      
   --   
   I only regret that I have but one shirt to give for my country.   
    ---Abbie Hoffman   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 10/0 1 15/0 90/1 103/705 105/81 106/201 128/260 129/305 135/225   
   SEEN-BY: 153/757 7715 218/0 1 601 700 840 870 930 220/70 221/1 6 226/17   
   SEEN-BY: 226/30 100 227/114 229/110 112 113 200 206 307 317 400 426   
   SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038   
   SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364   
   SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100   
   SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35   
   PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426   
      
|