pyratelog

personal blog
git clone git://git.pyratebeard.net/pyratelog.git

commit 6a7905bf27523e97956052c9c68a727178968646
parent ff6d536da236d5054da84e2340d6be2bd651b52f
Author: pyratebeard <root@pyratebeard.net>
Date:   Fri,  2 Dec 2022 09:22:20 +0000

where_the_sshadows_lie

Diffstat:
M entry/where_the_sshadows_lie.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/entry/where_the_sshadows_lie.md b/entry/where_the_sshadows_lie.md 
@@ -2,15 +2,15 @@ For as long as I can remember I have used one SSH key pair for each device. I k I have three main devices; my desktop PC, my laptop, and my phone. This means that any system I need to `ssh` on to requires three entries in the *authorized_keys* file. -I use `drist` for ensuring my keys are on my servers (see a [previous post](TK){target="_blank" rel="noreferrer"} about this tool), meaning I can connect from any of my devices. +I use `drist` for ensuring my keys are on my servers (see a [previous post](20210305-the_usefulness_of_drist.html){target="_blank" rel="noreferrer"} about this tool), meaning I can connect from any of my devices. When I rebuilt my laptop recently I generated a new key pair, then updated my `drist` configuration and pushed it out to my systems. All was well until I wanted to connect to my account on [sdf.org](https://sdf.org){target="_blank" rel="noreferrer"}, and realised I had not pushed the updated public key for my laptop to my SDF account. -This got me thinking. For those that use a GPG key, it is very common to have one key that belongs to an identity. In my case [my key](TK){target="_blank" rel="noreferrer"} is used with my email, git commit signing, and other encryption to prove I am pyratebeard. The private key has been securely copied to my laptop and phone and imported into the GPG keyring. +This got me thinking. For those that use a GPG key, it is very common to have one key that belongs to an identity. In my case [my key](http://pyratebeard.net/pgp.pub){target="_blank" rel="noreferrer"} is used with my email, git commit signing, and other encryption to prove I am pyratebeard. The private key has been securely copied to my laptop and phone and imported into the GPG keyring. Could one SSH key pair for _my identity_ be enough? If the private key was securely copied to my devices, then my systems and any accounts that require `ssh` only need to know about one key. 
-To get an idea of how others work I put out [a poll](TK){target="_blank" rel="noreferrer"} on Mastodon. +To get an idea of how others work I put out [a poll](https://harbour.cafe/@pyratebeard/109308316646121445){target="_blank" rel="noreferrer"} on Mastodon. ![results](/img/sshkey_poll_results.png#fitwidth) @@ -39,7 +39,7 @@ Now is a good time to take the new SSH public key and copy it everywhere you nee gpg2 --export-ssh-key <key_id> ``` -Next we can stop our `ssh-agent` and `gpg-agent`. I use [keychain](TK) for managing my agents so incant +Next we can stop our `ssh-agent` and `gpg-agent`. I use [keychain](https://www.funtoo.org/Funtoo:Keychain){target="_blank" rel="noreferrer"} for managing my agents so incant ``` keychain --agents ssh,gpg -k ``` 
@@ -68,12 +68,12 @@ Now you can copy your updated GPG key to your other devices (you may need to del gpg2 -a --export-secret-keys <key_id> > gpg_with_ssh.asc ``` -The SSH subkey is working okay so far. I am using it on my desktop (running Arch Linux), my laptop (running OpenBSD), and with [Termux](TK){target="_blank" rel="noreferrer"} on my phone. +The SSH subkey is working okay so far. I am using it on my desktop (running Arch Linux), my laptop (running OpenBSD), and with [Termux](https://termux.dev/en/){target="_blank" rel="noreferrer"} on my phone. -There have been a few issues though, hopefully easily fixed with a bit of investigating. On Termux I am not prompted for my GPG passphrase when I first start a session. Maybe this is something to do with how `keychain` works on Termux. I also noticed that if I have two `tmux` windows I need to rerun the `gpg-connect-agent` command otherwise `pinentry` may startup on the other window. +There have been a few issues though, hopefully easily fixed with a bit of investigating. On Termux I noticed that if I have two (or more) `tmux` windows I need to rerun the `gpg-connect-agent` command otherwise `pinentry` may startup on the other window. On OpenBSD `pinentry` seems to crash `tmux`. This is my first OpenBSD install as a workstation so I am still figuring things out. -During my research I was also reminded of [SSH certificates](TK){target="_blank" rel="noreferrer"} and their advantages over key pairs. I am going to delve into that with my own systems (expect a write up!) but it doesn't help on systems I do not control, such as SDF. +During my research I was also reminded of SSH certificates and their advantages over key pairs. I am going to delve into that with my own systems (expect a write up!) but it doesn't help on systems I do not control, such as SDF. Relying only on my GPG for SSH still feels a bit odd but I will stick with it for a while and see how it goes. 
It certainly makes my *authorized_keys* file management easier!
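Review bot: in the first hunk (`@@ -2,15 +2,15 @@`) the new link to the author's public key, `[my key](http://pyratebeard.net/pgp.pub)`, is served over plain `http://`; a key that readers are expected to fetch and trust for email and commit-signature verification should be linked over `https://` (if pyratebeard.net serves TLS), otherwise an on-path party can swap the key in transit. The other replacements in this hunk (the relative `20210305-the_usefulness_of_drist.html` link and the Mastodon poll URL) look fine, and the `{target="_blank" rel="noreferrer"}` attributes are applied consistently.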
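Review bot: in the second hunk (`@@ -39,7 +39,7 @@`) the `keychain` link now carries the same `{target="_blank" rel="noreferrer"}` attributes as the rest of the post, which is good; the one thing a reader will miss is that after `keychain --agents ssh,gpg -k` stops both agents, nothing in this hunk says they have to be started again (the same `keychain --agents ssh,gpg` invocation without `-k`) before the exported subkey can be used for `ssh`. Consider adding that sentence after the fenced block.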
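Review bot: in the third hunk (`@@ -68,12 +68,12 @@`) the sentence "On Termux I am not prompted for my GPG passphrase when I first start a session" is dropped without replacement; that observation is the most security-relevant one in the post (a private key usable with no passphrase prompt), so it deserves either a note that it was resolved or to stay in the issues list rather than disappear silently. Two smaller points: the `[SSH certificates](TK)` link is removed outright instead of being filled in like the others, and ssh-keygen(1)'s CERTIFICATES section would be a reasonable target; and the unchanged context line `gpg2 -a --export-secret-keys <key_id> > gpg_with_ssh.asc` writes the secret key to a file on disk, so a reminder to delete `gpg_with_ssh.asc` once it has been imported on the other devices would fit right here.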