In case you haven't yet set up an encrypted USB drive yet, this article has clear directions on how to encrypt an entire USB drive. If you don't have a USB drive that you want encrypted, please talk to your anchor or send an ask ticket for a USB drive that you can dedicate to this purpose.
From there, you can follow GitHub's directions for adding a new SSH key to your account, making sure to save the key on your now-encrypted drive (not the default location in your home directory). Please use a password different from the USB drive's password and different from your GitHub account password. (Since you're already in your account settings, this would also be a great time to enable two-factor authentication on GitHub as well.)
Then, to make it super-easy to just plug in your USB key and activate your SSH key for a limited time, you can follow this example:
$ ls /Volumes/some_volume/
total 8
-rwxr-xr-x 1 tsaleh 176B 4 Feb 17:39 add_key*
-rw------- 1 tsaleh 1.7K 4 Feb 11:20 id_rsa
$ cat /Volumes/some_volume/add_key
#!/usr/bin/env bash
HOURS=$1
if [ -z $HOURS ]; then
echo "Usage: $0 <num hours>"
exit 1
fi
ssh-add -t ${HOURS}H $(dirname $0)/id_rsa
diskutil umount force $(dirname $0)
$ /Volumes/some_volume/add_key
Usage: /Volumes/some_volume/add_key <num hours>
$ /Volumes/some_volume/add_key 1
Enter passphrase for /Volumes/some_volume/id_rsa:
Identity added: /Volumes/some_volume/id_rsa (/Volumes/some_volume/id_rsa)
Lifetime set to 3600 seconds
Volume some_volume on disk6 force-unmounted
Just plug your key in, run /Volumes/some_volume/add_key 1, and put your key back in your pocket. Gives you SSH access for N hours.
Whether you use a script like above or just manually ssh-add -t 8H /Volumes/your_drive/id_your_key, make sure that you always add the SSH key with a time limit so that you aren't accidentally logged in to a station permanently.
The article doesn't exist. It just shows the
Appletag