[H-GEN] Desktop wars ..... (no not really)
Jason Parker-Burlingham
jasonp at panix.com
Thu Jun 26 12:39:31 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
"Christopher Biggs" <listjunkie at pobox.com> writes:
> "Three Blokes" <gerbil at bigpond.net.au> moved upon the face of the
> 'Net and spake thusly:
>> From: "Robert Brockway" <robert at timetraveller.org>
>>> # Allow ssh-agent to kick off the window manager ($MANAGER)
>>> ssh-agent bash -c "ssh-add < /dev/null && $MANAGER"
I think this line could be simplified quite a bit:
eval `ssh-agent` # get those environment vars going
ssh-add && $MANAGER # start the window manager when the passphrase is
# right
The problem that I have with doing things this way stem mostly from
the fact that *sometimes* you really just want to get back to your
environment in a hurry, like when the power has just gone out.
Removing the ssh-add from the X session script doesn't make it
necessarily more difficult to type in passphrases, and has the benefit
of not keeping you out if you're finding it hard to touch-type right
now.
> The ssh-add progam prompts the (the redirection of standard-input
> to come from /dev/null will ensure that 'ssh-add' uses an X-window
> prompt rather than a terminal-input prompt)
That's another reason I don't like to mess about with this method. I
had a great deal of trouble getting the askpass window working when I
first set this thing up; I was awfully confused and tried piping stuff
all sorts of ways. Besides that I'm wary of typing my passphrase into
graphical applications. (GNOME gpg anyone? Brrrrrrrrr!)
> On /my/ system I also have configured the screen-saver/locker daemon
> erase the stored passphrase, should I be idle for longer than 10
> minutes.
I keep meaning to do this. When someone is paying me to be a sysadmin
again, I think I will go through the bother.
> I can also press the "sleep" key on my keyboard to wipe my stored
> passphrase (and also lock the console) immediately.
Oh. I don't have a sleep button, but I'd like to see how you do that.
> The truly paranoid store their SSH keys on hot-plug removeable
> media such as smart-cards or USB-flash dongles.
The *truly* paranoid have vetted PGP for security problems, typed it
in from the back of the book, and boot from a CD-ROM when they need
access to their crypto.
jason
--
Stay up-to-date on what I'm doing lately:
http://www.panix.com/~jasonp
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list