On Sun, 31 May 2015, Ángel González wrote:

> When you want unattended running over ssh even across reboots,
> there's little option than having unprotected keys.

PKCS#11 token (e.g. a TPM) without a PIN. An attacker might be able to
steal use of the key, but they can't steal the key itself.

Otherwise, a hardware-free solution is to have an init script start
a ssh-agent at boot set to listen on a known socket, add keys to it and then
remove the keys from the filesystem.

-d
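The hardware-free approach described in the message, sketched as a POSIX shell init action (an added example, not part of the original message or of OpenSSH). The directory, socket and key paths are assumptions, as is a provisioning step that stages the unprotected key at `KEY_FILE` before the script runs.

```shell
#!/bin/sh
# Added example, not from the original post. All paths are assumptions.
AGENT_DIR="${AGENT_DIR:-/run/ssh-agent-batch}"
AGENT_SOCK="$AGENT_DIR/agent.sock"
KEY_FILE="${KEY_FILE:-/etc/ssh-batch/id_ed25519}"   # staged key, mode 0600

# Create the socket directory with mode 0700; refuse a symlink in its place.
prepare_socket_dir() {
    dir=$1
    [ -L "$dir" ] && return 1
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    [ -d "$dir" ] && [ ! -L "$dir" ]
}

# Start an agent on the known socket unless one already answers there.
# ssh-add exits with status 2 when it cannot contact an agent.
start_agent() {
    sock=$1
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -lt 2 ] && return 0
    rm -f -- "$sock"
    # Keep the agent's output so a stop action can read SSH_AGENT_PID later.
    ssh-agent -a "$sock" >"$sock.env"
}

# Add the key to the agent; delete the file only after the agent accepted it.
load_and_remove_key() {
    sock=$1
    key=$2
    SSH_AUTH_SOCK="$sock" ssh-add "$key" >/dev/null 2>&1 || return 1
    rm -f -- "$key"
}

# Run the sequence only when called as "<script> start" from the init system.
if [ "${1:-}" = "start" ]; then
    prepare_socket_dir "$AGENT_DIR" &&
        start_agent "$AGENT_SOCK" &&
        load_and_remove_key "$AGENT_SOCK" "$KEY_FILE"
fi
```

Unattended jobs then run with `SSH_AUTH_SOCK` set to the known socket path.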