GPG::SSH; notes for current best practices
When I start at a new company, I always do a refresher on my key security.
One thing I always hate about SSH is that the encryption scheme is actually pretty basic, and once your ssh-agent is loaded, anything can just request a sign/authorize.
So, in tried and true “over engineering” fashion, I’ve taken to using my GPG key as my ssh key instead, and using gpg-agent instead of ssh-agent.
Another thing is to use elliptic curves instead of RSA. RSA is still secure, but ECC (ECDSA) is faster and theoretically more resistant, and everything from 2016 onwards supports it, so it’s fair to assume it is supported in my SSH programs of choice. :)
First, to create an ECDSA key we have to use expert mode with the
jan.harasym@sm-mbp-jmh ~ % gpg2 --full-gen-key --expert
gpg (GnuPG/MacGPG2) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free
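Once the key exists, the other half of the setup is pointing the ssh client at gpg-agent instead of ssh-agent. The script below is an added example, not part of the original post; it assumes GnuPG 2.1 or later with gpg and gpgconf on PATH, and it reads GNUPGHOME so it can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original post: switch an SSH client over to
# gpg-agent so authentication requests go through GnuPG instead of ssh-agent.
# Assumes GnuPG 2.1 or later (gpg, gpgconf on PATH). GNUPGHOME can be pointed
# at a scratch directory to try this without touching a real keyring.

GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"
export GNUPGHOME

# Turn on gpg-agent's ssh-agent emulation. Idempotent: the option is only
# appended when the config does not already contain it.
enable_gpg_ssh_support() {
    conf="$GNUPGHOME/gpg-agent.conf"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    touch "$conf"
    grep -qx 'enable-ssh-support' "$conf" || echo 'enable-ssh-support' >> "$conf"
    # A running agent re-reads its config on reload; harmless if none is running.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent >/dev/null 2>&1 || true
    fi
}

# Path of the socket gpg-agent serves the SSH agent protocol on.
gpg_ssh_socket() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --list-dirs agent-ssh-socket
    else
        # Conventional fallback when gpgconf is unavailable (assumption).
        echo "$GNUPGHOME/S.gpg-agent.ssh"
    fi
}

# Emit shell lines for a profile: point ssh at gpg-agent and drop any stale
# ssh-agent PID so ssh does not keep talking to the old agent.
gpg_ssh_env() {
    echo "unset SSH_AGENT_PID"
    echo "export SSH_AUTH_SOCK=\"$(gpg_ssh_socket)\""
}

# OpenSSH-format public key for an authentication-capable key (argument: key
# id or fingerprint), ready to paste into authorized_keys on the server.
gpg_ssh_pubkey() {
    gpg --export-ssh-key "$1"
}

# Interactive usage:
#   enable_gpg_ssh_support
#   eval "$(gpg_ssh_env)"
#   gpg_ssh_pubkey KEYID    # KEYID is a placeholder for your own key
```

The `eval "$(gpg_ssh_env)"` line belongs in your shell profile so every new shell talks to gpg-agent; `ssh-add -L` afterwards should list the key that `gpg_ssh_pubkey` prints.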