@stupakov
Created April 23, 2014 18:50
Encrypted USB Drive + SSH key directions

In case you haven't set up an encrypted USB drive yet, this article has clear directions on how to encrypt an entire USB drive. If you don't have a USB drive that you want encrypted, please talk to your anchor or send an ask ticket for a USB drive that you can dedicate to this purpose.

From there, follow GitHub's directions for adding a new SSH key to your account, making sure to save the key on your now-encrypted drive (not the default location in your home directory). Please use a password different from the USB drive's password and different from your GitHub account password. (Since you're already in your account settings, this would also be a great time to enable two-factor authentication on GitHub.)

Then, to make it super-easy to just plug in your USB key and activate your SSH key for a limited time, you can follow this example:

$ ls /Volumes/some_volume/
total 8
-rwxr-xr-x  1 tsaleh   176B  4 Feb 17:39 add_key*
-rw-------  1 tsaleh   1.7K  4 Feb 11:20 id_rsa

$ cat /Volumes/some_volume/add_key
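#!/usr/bin/env bash

# Number of hours the key should stay loaded in ssh-agent
HOURS=$1

if [ -z "$HOURS" ]; then
  echo "Usage: $0 <num hours>"
  exit 1
fi

# Load the key that sits next to this script with a lifetime, then unmount the drive.
# Quoting keeps this working when the volume name contains spaces.
ssh-add -t "${HOURS}H" "$(dirname "$0")/id_rsa"
diskutil umount force "$(dirname "$0")"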

$ /Volumes/some_volume/add_key
Usage: /Volumes/some_volume/add_key <num hours>

$ /Volumes/some_volume/add_key 1
Enter passphrase for /Volumes/some_volume/id_rsa:
Identity added: /Volumes/some_volume/id_rsa (/Volumes/some_volume/id_rsa)
Lifetime set to 3600 seconds
Volume some_volume on disk6 force-unmounted

Just plug your key in, run /Volumes/some_volume/add_key 1, and put your key back in your pocket. This gives you SSH access for the number of hours you passed (one, in this case).

Whether you use a script like the one above or manually run ssh-add -t 8H /Volumes/your_drive/id_your_key, always add the SSH key with a time limit so that you aren't accidentally logged in to a station permanently.
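
A stricter variant of the add_key script, as an added example that is not part of the original gist: it accepts only a whole number of hours from 1 up to a cap, so a typo or a 0 cannot be passed through to ssh-add as the lifetime. The 12-hour cap (MAX_HOURS) and the function names valid_hours, lifetime_seconds and add_key are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: stricter variant of add_key. MAX_HOURS and the function
# names are assumptions, not part of the original script.

MAX_HOURS=12   # assumed policy cap on how long a key may stay loaded

# Succeed only for a whole number of hours between 1 and MAX_HOURS.
valid_hours() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;   # empty, 0, leading zero, "-1", "8H", "1 2"
  esac
  [ "${#1}" -le 3 ] && [ "$1" -le "$MAX_HOURS" ]
}

# Print the lifetime in seconds for ssh-add -t, or fail on bad input.
lifetime_seconds() {
  valid_hours "$1" || return 1
  echo "$(( $1 * 3600 ))"
}

# Load the key next to this script with a lifetime, then unmount the drive.
add_key() {
  dir=$(dirname "$0")
  if ! secs=$(lifetime_seconds "$1"); then
    echo "Usage: $0 <hours, 1-$MAX_HOURS>" >&2
    return 1
  fi
  ssh-add -t "$secs" "$dir/id_rsa"
  status=$?
  # Unmount whether or not ssh-add succeeded, so the key file never stays mounted.
  diskutil umount force "$dir"
  return "$status"
}

# Act only when given an argument, so the functions above can be reused.
if [ "$#" -gt 0 ]; then
  add_key "$1"
else
  echo "Usage: $0 <hours, 1-$MAX_HOURS>" >&2
fi
```

The script's exit status is the one returned by ssh-add, so a wrong passphrase is still reported after the drive has been unmounted.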

@cocoa1231

The article doesn't exist. It just shows the Apple tag.
