Nostr Web Client

An ssh private key is still on the remote machine, but only readable by your user.

What I want is for that key to be airgapped. And multisig. And everything else you can do to secure, say, a Bitcoin key that only has access to a 1000 sat utxo on chain, but that utxo buys you access to a server. To make it physically impossible to steal or spoof that key.

Cpt. Charisma 9mo ago

That's the normal way of doing things, but it's not the only way. The key is only needed for connection setup. After that, a newly generated 'session key' is used for communication. You could create a custom client that used external keys for authentication. There is probably already an ssh client that can use an external signing device, but I would be surprised if an airgapped version exists. I don't know how complicated the protocol setup is, but I would guess it takes more than two steps.

Anyway, since you are opening an on-going control connection, an attacker only has to hijack your computer to gain access. Air gaps don't really gain you anything in this case. Bitcoin is much more limited in the scope of what needs to be signed, so it's much easier to air gap.

Reply to this note

Please Login to reply.

Discussion

No replies yet.