On 9/17/20 2:44 AM, Chris Green wrote:
> Public Key authentication doesn't (by default, using an agent) provide
> this security, once the key passphrase has been entered anyone with
> access to my laptop can connect to my home machine.

I'm not quite sure how to unpack "by default, using an agent". Are you
referring to the agent's default behavior or that you are using an agent
by default?

Have you looked at the "-t <seconds>" option for adding keys to the agent?
My understanding is that you can make keys via agent behave as if they
only exist in the agent for the specified number of seconds.

This makes me think that if your keys had a passphrase on them and that
the number of seconds since added had expired that you would be prompted
for the passphrase for the key again.

I think that you might be able to get the ssh agent to behave somewhat
like sudo in that it remembers you for a specified amount of time.

--
Grant. . . .
unix || die
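
The `-t <seconds>` lifetime discussed in the message above, as an added example that is not part of the original e-mail: it starts a throwaway agent, adds a constructed key with a short lifetime, and checks that the agent no longer holds it afterwards. The function names, the temporary paths and the empty passphrase (used so the run is unattended) are assumptions of this example.

```shell
# Added example: watch a key expire from a throwaway ssh-agent.
# Assumptions: OpenSSH client tools are installed; the key is constructed
# with an empty passphrase so the demo runs unattended. With a real,
# passphrase-protected key, re-adding after expiry prompts for the passphrase.

# Report whether the agent at $SSH_AUTH_SOCK holds any identity.
# ssh-add -l exits 0 with identities, 1 with none, 2 if the agent is unreachable.
agent_state() {
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) echo present ;;
        1) echo absent ;;
        *) echo unreachable ;;
    esac
}

# Prints "before=<state> after=<state>".
# The body is a subshell, so agent variables never leak to the caller.
demo_key_lifetime() (
    lifetime="${1:-2}"
    command -v ssh-agent >/dev/null 2>&1 || { echo "ssh-agent not found" >&2; exit 2; }
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; exit 2; }

    # Never touch the caller's real agent: drop inherited agent variables.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    tmp="$(mktemp -d)" || exit 2
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$tmp"' EXIT

    eval "$(ssh-agent -s -a "$tmp/agent.sock")" >/dev/null
    [ -n "${SSH_AGENT_PID:-}" ] || { echo "agent did not start" >&2; exit 2; }

    ssh-keygen -q -t ed25519 -N '' -f "$tmp/id_demo" || exit 2

    # -t <seconds>: the agent deletes the key once the lifetime has elapsed.
    ssh-add -t "$lifetime" "$tmp/id_demo" 2>/dev/null || exit 2

    before="$(agent_state)"
    sleep $((lifetime + 2))   # margin so the agent's expiry timer has fired
    after="$(agent_state)"

    echo "before=$before after=$after"
)
```

Call it as `demo_key_lifetime 2`. The agent variables exported by the user's own session are left untouched because the whole function runs in a subshell against its own socket.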