On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera wrote: > Hi, > > I've always used password-protected ssh keys, with ssh-agent, and in > recent year, I've been using full disk encryption as well. > I'm wondering if there's some redundancy here, and if using FDE > nullifies the need for password-protecting the keys, or if there's some > attack vector I'm no considering. > > Keep in mind that I using ssh-agent, and unlock the keys usually as a > first action after startup (I guess *not* using ssh-agent completely > changes the scenario).
I still makes sense to encrypt your ssh keys. Think of a bug in a browser that allows a server reading your files. Remi
