# ssh-pass

I've been using pass for a while now and I really like it. But I don't like putting passwords or passphrases into my system clipboard if I can help it: writing code to sniff the clipboard is child's play, so I'd like to avoid that attack vector if possible.

One place where I thought this would be simple is ssh-add, the SSH utility that adds keys to your SSH agent. It should be possible to do something like this:

$ pass github/sinewalker | head -1 | ssh-add github/sinewalker


Unfortunately this isn't so: ssh-add doesn't accept your passphrase from STDIN when piped like this.

But, there is a way to do it.


# Password databases: Installing password-store on Android

The final part of the password puzzle is getting my passwords into my pocket. There are quite a few images in this post (about 2MB) as I describe setting up the system on Android, which involves a lot of steps, with screenshots.

Hold onto your hat, it's a bit of a fiddle.


# Password databases: Migrating from KeePassX to Pass

I spent some spare hours on the weekend playing with Pass, importing my KeePassX database into password-store and synchronising it to a GitLab private repository.

It's a little tricky to get it set up, with a few moving parts, so I'm still experimenting. Here's what I've figured out so far.


# Loading SSH keys at KDE startup

It's really handy to have all my SSH authentication be passwordless, but in a secure way. In openSUSE, the ssh-agent is started for you automatically, but you still need to add your identities manually (and enter passphrases when you do this). That's a bit of a pain to do every time you log in.

Here are some simple scripts and steps I use to set up my KDE session so that it will automatically load my SSH identities when I log in.

# OpenSSH slow logins and DNS

There is a feature of OpenSSH, enabled by default, that causes the ssh daemon to do a name lookup for the client and confirm that it matches its IP address. This is supposed to check against some sort of IP spoofing during SSH login attacks. However, on my local network, which lacks a DNS server, it results in lengthy delays during logins.
