On 07/07/2014 02:40, Chris Stankevitz wrote:
> On Sun, Jul 6, 2014 at 1:32 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
>> Why not do the obvious thing instead?
>>
>> Run keychain and have it unlock your keys *once* when the workstation
>> boots up. ssh then always uses that key as it is unlocked.
> 
> Alan,
> 
> Thank you.  FYI, I do not have a problem typing my password 100 times
> per day.  The only problem I have with "pinentry" is that it doesn't
> let me paste.  Does keychain allow me to paste?  If so, I'll consider
> it.  However, now that I have killed pinentry from my system I am
> happily pasting my passphrase into the ssh console.

keychain is a regular terminal app, so paste will always work.

On a side note, I always recommend people use a key agent unless there
is absolutely no need for one:

- typing the same passphrase repeatedly becomes tedious
- the largest attack surface for passwords is not cryptographic
weaknesses, it's over-the-shoulder attacks (aka shoulder surfing or
monitor whoring). It's when people watch what you type over your
shoulder, and after entering it for the fifth time most folks stop
making sure everyone else in the room is looking away

> On another note, from my OP, I am still curious how the ssh software
> knows to use /usr/bin/pinentry to fetch my passphrase.  In a follow-up
> post, I discovered that this mechanism only works if an environment
> variable called GPG_AGENT_INFO is set.  I doubt the ssh source code
> contains the string "/usr/bin/pinentry" or "GPG_AGENT_INFO".

I'm not sure how that stuff works (I suspect the presence of magic) :-)

I really should read up more about it, considering what kind of software
it is.


-- 
Alan McKinnon
alan.mckin...@gmail.com
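Added example, not part of this thread and not keychain's or OpenSSH's own code. It illustrates the two points the exchange raises. First, ssh never looks at GPG_AGENT_INFO or knows about pinentry at all: it only connects to whatever socket SSH_AUTH_SOCK names, and when gpg-agent has been started with --enable-ssh-support it publishes its S.gpg-agent.ssh socket under that variable and then uses pinentry itself to ask for the passphrase. Second, the usual way to hook an agent into a shell is `eval "$(ssh-agent -s)"` or sourcing the file keychain writes under ~/.keychain; the script below instead extracts SSH_AUTH_SOCK and SSH_AGENT_PID from that output with a strict character whitelist, so a corrupted or tampered agent file can never inject a command. It assumes only POSIX sh and the documented `NAME=value; export NAME;` line format of `ssh-agent -s` and keychain; the sample agent output is constructed, not captured from a real run.

```shell
#!/bin/sh
# Added example, not from the thread and not keychain's own code.
# Assumes only POSIX sh and the documented line format that `ssh-agent -s`
# prints and that keychain writes to ~/.keychain/<host>-sh for sourcing:
#   SSH_AUTH_SOCK=/tmp/ssh-XXXX/agent.1234; export SSH_AUTH_SOCK;
#   SSH_AGENT_PID=1235; export SSH_AGENT_PID;
#   echo Agent pid 1235;
# The usual idiom is `eval "$(ssh-agent -s)"`; this script pulls the two
# values out with a strict whitelist instead of eval'ing the text.

# Constructed sample of ssh-agent -s output (not captured from a real run).
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-XXXXabcd/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;'

# agent_var NAME: read agent output on stdin and print the value assigned to
# NAME, but only if it is made of characters a socket path or pid can contain.
# Anything else (a ';', a space, a '$') is rejected, so a hostile or corrupted
# agent file can never smuggle a command through.
agent_var() {
    name="$1"
    while IFS= read -r line; do
        case "$line" in
            "${name}="*"; export ${name};")
                value="${line#"${name}="}"
                value="${value%"; export ${name};"}"
                case "$value" in
                    *[!A-Za-z0-9_./-]*) return 1 ;;
                    '') return 1 ;;
                    *) printf '%s\n' "$value"; return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# agent_kind SOCKET_PATH: which agent owns the socket ssh would connect to.
# ssh only ever consults SSH_AUTH_SOCK. When gpg-agent runs with
# --enable-ssh-support it publishes its S.gpg-agent.ssh socket there, and that
# is how gpg's pinentry ends up prompting for an ssh key passphrase.
agent_kind() {
    sock="$1"
    if [ -z "$sock" ]; then
        echo none
        return 0
    fi
    case "${sock##*/}" in
        S.gpg-agent.ssh) echo gpg-agent ;;
        agent.*)         echo ssh-agent ;;
        *)               echo unknown ;;
    esac
}

# load_agent_env: play the role of sourcing keychain's file, reading agent
# output on stdin and exporting SSH_AUTH_SOCK / SSH_AGENT_PID from it.
# Fails (exit 1) rather than exporting anything if no clean socket path is found.
load_agent_env() {
    out=$(cat)
    sock=$(printf '%s\n' "$out" | agent_var SSH_AUTH_SOCK) || return 1
    pid=$(printf '%s\n' "$out" | agent_var SSH_AGENT_PID) || pid=""
    SSH_AUTH_SOCK="$sock"; export SSH_AUTH_SOCK
    if [ -n "$pid" ]; then
        SSH_AGENT_PID="$pid"; export SSH_AGENT_PID
    fi
    echo "using $(agent_kind "$sock") socket $sock"
}

# Demo on the constructed sample; with a live agent you would run
#   ssh-agent -s | load_agent_env
# or
#   load_agent_env < ~/.keychain/$(hostname)-sh
printf '%s\n' "$SAMPLE_AGENT_OUTPUT" | load_agent_env
```

Because load_agent_env reads from a pipe it runs in a subshell in most shells, so to keep the variables in an interactive session you would source the script or call `load_agent_env < file` instead; the point is that the agent text is parsed, not executed, and agent_kind tells you whether the socket ssh will talk to belongs to ssh-agent or to gpg-agent's ssh emulation.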