[H-GEN] Desktop wars ..... (no not really)

Jason Parker-Burlingham jasonp at panix.com
Thu Jun 26 12:39:31 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

"Christopher Biggs" <listjunkie at pobox.com> writes:

> "Three Blokes" <gerbil at bigpond.net.au> moved upon the face of the
> 'Net and spake thusly:
>> From: "Robert Brockway" <robert at timetraveller.org>
>>> # Allow ssh-agent to kick off the window manager ($MANAGER)
>>> ssh-agent bash -c "ssh-add < /dev/null && $MANAGER"

I think this line could be simplified quite a bit:

eval `ssh-agent`    # get those environment vars going
ssh-add && $MANAGER # start the window manager when the passphrase is
                    # right

The problem that I have with doing things this way stems mostly from
the fact that *sometimes* you really just want to get back to your
environment in a hurry, like when the power has just gone out.
Removing the ssh-add from the X session script doesn't make it
necessarily more difficult to type in passphrases, and has the benefit
of not keeping you out if you're finding it hard to touch-type right
now.

> The ssh-add program prompts the (the redirection of standard-input
> to come from /dev/null will ensure that 'ssh-add' uses an X-window
> prompt rather than a terminal-input prompt)

That's another reason I don't like to mess about with this method.  I
had a great deal of trouble getting the askpass window working when I
first set this thing up; I was awfully confused and tried piping stuff
all sorts of ways.  Besides that I'm wary of typing my passphrase into
graphical applications.  (GNOME gpg anyone?  Brrrrrrrrr!)

> On /my/ system I also have configured the screen-saver/locker daemon
> to erase the stored passphrase, should I be idle for longer than 10
> minutes.

I keep meaning to do this.  When someone is paying me to be a sysadmin
again, I think I will go through the bother.

> I can also press the "sleep" key on my keyboard to wipe my stored
> passphrase (and also lock the console) immediately.

Oh.  I don't have a sleep button, but I'd like to see how you do that.

> The truly paranoid store their SSH keys on hot-plug removable
> media such as smart-cards or USB-flash dongles.

The *truly* paranoid have vetted PGP for security problems, typed it
in from the back of the book, and boot from a CD-ROM when they need
access to their crypto.

jason
-- 
Stay up-to-date on what I'm doing lately:
                                 http://www.panix.com/~jasonp

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
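
The arrangement discussed in this message (agent started with the X session, keys added later from a terminal, stored keys wiped by the locker), sketched as an added example that is not part of the original post. The function names, the SSH_ADD/SSH_AGENT override variables and the 600-second lifetime are assumptions; $MANAGER is the variable from the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. Source this file from ~/.xsession
# and call start_session; bind wipe_keys to the locker or a sleep key.

# Tool names are overridable (assumption, handy for testing).
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}

# Seconds a loaded key stays in the agent; 600 mirrors the
# 10-minute idle figure quoted above (assumption).
KEY_LIFETIME=${KEY_LIFETIME:-600}

# Start an agent only if none is reachable.
# "ssh-add -l" exits 2 when it cannot contact an agent.
ensure_agent() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ] || eval "$("$SSH_AGENT" -s)" >/dev/null
}

# Run from a terminal when a key is actually needed, so the
# passphrase is read from the tty rather than an askpass window.
# The agent itself drops the key after KEY_LIFETIME seconds.
load_keys() {
    "$SSH_ADD" -t "$KEY_LIFETIME" "$@"
}

# Hook for the screen locker or sleep key: remove every identity
# from the agent immediately.
wipe_keys() {
    "$SSH_ADD" -D >/dev/null 2>&1
}

# Session start: agent first, then the window manager, with no
# passphrase prompt in between, so a mistyped passphrase can never
# keep you out of your desktop.
start_session() {
    ensure_agent
    # Unquoted on purpose: $MANAGER may carry arguments.
    exec $MANAGER
}
```

The `-t` lifetime is enforced inside the agent, so keys expire even if the locker hook never fires.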


