I found an X509 oriented device relatively easy for ssh (for gpg it is naturally... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		yayana on Aug 3, 2018 \| parent \| context \| favorite \| on: The default OpenSSH key encryption is worse than p... I found an X509 oriented device relatively easy for ssh (for gpg it is naturally harder to use these non gpg devices with some kind of bridge daemon). Assuming Linux or OsX where your distribution has an opensc that already supports your device, ssh is only about 3 incantations of magic: https://nilsschneider.net/2013/06/20/epass2003-quickstart.ht... But there is no safe way of getting away from having 1 pin.

acdha on Aug 4, 2018 [–]

On current versions of macOS it’s built in so all you need is to generate the key and add one line to your SSH config:

    PKCS11Provider=/usr/lib/ssh-keychain.dylib

https://support.apple.com/en-us/HT208372

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact