Another alternative is to turn off password authentication and allow only public key. This way the brute forcers can guess all they want and never get lucky. If you need a "card" you can always put your encrypted private key / public key pair on a thumb drive, which is a very low cost option that fits on your keychain. I believe this approach is reasonably platform independent (but I don't use Windows so I do not speak with authority on this).

Cheers,
Bob Blair

Brett Viren wrote:
> Faye Gibbins <[EMAIL PROTECTED]> writes:
>
>> Dr Andrew C Aitchison wrote:
>>
>>> ssh-agent means that although the ssh keys aren't stored on disk
>>> they *are* held in memory much of the time. Given that many laptops
>>> are suspended and rarely rebooted, do you have a way of ensuring
>>> that the machine regularly reconfirms the user's identity?
>>>
>> Kerberosized ssh.
>
> Another, somewhat arcane, option is to use OpenPGP smart cards along
> with GnuPG's gpg-agent. The keys remain on the card and the card does
> the PGP authentication. Take the card out of the reader and no
> subsequent authentication can be done.
>
> I've evaluated this method and it does work but requires some amount
> of effort to set up. As far as I know there is only one supplier[1].
> I also don't expect it to work on non-Linux platforms. But, besides
> all these negatives, it is a nice solution that also gives the user
> the usual benefits of PGP.
>
>
> -Brett.
>
> [1] http://www.g10code.com/p-card.html

--
Robert E. Blair, Room E277, Building 362
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545 FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
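Added example, not part of the original message: a small audit of the global section of an `sshd_config` that checks whether the key-only setup suggested above is actually in effect. It assumes upstream OpenSSH defaults, ignores `Include` files and `Match` blocks, and uses constructed sample configs.

```python
# Added example: audit the global section of an sshd_config for password logins.
# Assumptions: Include files and Match blocks are not evaluated.

# Upstream OpenSSH defaults, used when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# ChallengeResponseAuthentication is the older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return the global auth settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks start here; stop at global scope
            break
        if key in DEFAULTS:
            seen.setdefault(key, parts[1].lower())  # first occurrence wins
    return {**DEFAULTS, **seen}


def findings(config_text):
    """List the reasons this config still permits password-based logins."""
    cfg = effective_settings(config_text)
    problems = []
    if cfg["passwordauthentication"] != "no":
        problems.append("PasswordAuthentication is not 'no'")
    if cfg["kbdinteractiveauthentication"] != "no":
        problems.append("KbdInteractiveAuthentication is not 'no' (PAM can still ask for a password)")
    if cfg["pubkeyauthentication"] != "yes":
        problems.append("PubkeyAuthentication is off; key logins would fail")
    return problems


# Constructed sample inputs, not taken from any real host.
WEAK = "PasswordAuthentication yes\nPasswordAuthentication no\nUsePAM yes\n"
HARDENED = "PasswordAuthentication no\nChallengeResponseAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, findings(text) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check, since it also resolves included files.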
