Posts about ssh


I've been using pass for a while now and I really like it. But I don't like putting passwords or passphrases into my system clipboard if I can help it: writing code to sniff the clipboard is child's play, so I'd like to avoid that attack vector if possible.

One place that I thought would be simple would be the SSH utility to add keys to your SSH Agent: ssh-add. It should be possible to do something like this:

$ pass github/sinewalker|head -1|ssh-add github/sinewalker

Unfortunately this isn't so: ssh-add doesn't accept your passphrase from STDIN when piped like this.

But, there is a way to do it.

Read more…

Loading SSH keys at KDE startup

It's really handy to have all my SSH authentication be passwordless, but in a secure way. In openSUSE, the ssh-agent is started for you automatically, but you still need to add your identities manually (and enter passphrases when you do this). That's a bit of a pain to do every time you login.

Here are some simple scripts and steps I use to set up my KDE session so that it will automatically load my SSH identities when I login.

OpenSSH slow logins and DNS

There is a feature of OpenSSH, enabled by default, that causes the ssh daemon to do a name lookup for the client and confirm that it matches its IP address. This is supposed to check against some sort of IP spoof during SSH login attacks.  However on my local network which lacks a DNS, it results in lengthy delays during logins.

Read more…