Faye Gibbins <[EMAIL PROTECTED]> writes: > Dr Andrew C Aitchison wrote: > >> ssh-agent means that although the ssh keys aren't stored on disk >> they *are* held in memory much of the time. Given that many laptops >> are suspended and rarely rebooted, do you have a way of ensuring >> that the machine regularly reconfirms the user's identity ? >> > > Kerberosized ssh.
Another, somewhat arcane, option is to use OpenPGP smart cards along with GnuPG's gpg-agent. The keys remain on the card and the card does the PGP authentication. Take the card out of the reader and no subsequent authentication can be done. I've evaluated this method and it does work but requires some amount of effort to set up. As far as I know there is only one supplier[1]. I also don't expect it to work on non-Linux platforms. But, besides all these negatives, it is a nice solution that also gives the user the usual benefits of PGP. -Brett. [1] http://www.g10code.com/p-card.html
