Jan Schaumann4d ago

Blogged it down because not everybody knows this:

- On macOS, ssh(1) has a "UseKeychain" option, which is awesome.
- If your ssh connection gets rejected, it might be because your agent has more than the server's MaxAuthTries keys it's trying; use 'IdentitiesOnly' to avoid that
- You can put your ssh private keys into 1Password and use _its_ SSH agent -> biometric unlock of ssh keys

https://www.netmeister.org/blog/sshkeys-macos-op.html

Show threadDavid Chisnall (*Now with 50% more sarcasm!*)
@jschauma There’s also an option that someone linked to from lobste.rs last week to generate and store keys in the secure element processor. These are unlocked by biometrics and can’t be leaked even in the event of a kernel compromise.
Mar 18 at 8:02amWeb
Show threadsvaclav4d ago

@david_chisnall @jschauma This is the link, probably:

https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf

Native Secure Enclaved backed ssh keys on MacOS

Native Secure Enclaved backed ssh keys on MacOS . GitHub Gist: instantly share code, notes, and snippets.

Gist
Show threadsvaclav4d ago

@david_chisnall @jschauma And here the whole lobste.rs discussion:

https://lobste.rs/s/zcoz8h/how_do_you_manage_ssh_keys

How do you manage SSH keys?

77 comments

Lobsters
Show threadJan Schaumann3d ago
@svaclav @david_chisnall Nice, thanks for sharing, I'll link to that.