This is the line that’s done best for me on the radio: “The NSA would like to remind everyone to call their mothers this Sunday. They need to calibrate their system.”
A while back, I posted a link to SSHKeychain, an OS X tool that acts as a user-friendly graphical interface to the ssh agent. I didn’t begin to use this tool until a few weeks ago. It had been on my short list of new software that I needed to try, but I kept putting it off.
Well, I finally tried it, and I really like it! It just doesn’t get any easier than this. This is such a simple piece of software, but I don’t know how I have lived without it for so long.
First of all, the idea behind the ssh agent is to save time. The agent caches your public keys and uses them to log you in to servers. These keys are normally stored on your hard drive in an encrypted format. When loading them into the agent, they are first decrypted.
In order to use public key ssh authentication without an agent, you would have to type in the key password and then wait for the key to be decrypted before any authentication could take place. Or you could store unencrypted keys on your hard drive, but that’s not something that I want to do on a laptop. So the agent really makes a lot of sense, even if it’s just to save those few keystrokes each time I connect.
But this tool goes a bit further than an ordinary agent. It automatically adds your ssh private keys to the agent when you need them. Automatically. Even if your keys aren’t in the agent when you type your ssh command, they are added when you first use them. With other agents, you have to be sure that you manually load the keys before you ssh. This tool eliminates the need to even think about loading the keys.
Your key passwords are stored in your keychain, the standard OS X password store. This means that you truly have single signon. Log in to your Mac, and you are logged in to all of your servers, too.
And it is integrated so well that I don’t ever notice its presence. In fact, other than typing my password once to unlock my keychain after logging in to my iBook, the only thing I notice is that I don’t have to type passwords to log in to my servers any more. I have not clicked on the SSHKeychain icon on the menu bar once since I first installed it.
But best of all, it is completely free. And the source is available. It is actually donationware, so if you like, be sure to let the author know.
The tool also has support for tunnels, but as of this writing, I have not used that part yet. I am a huge fan of ssh tunnels, so I am sure that I will have more to say about this part soon.
Bruce Schneier’s Crypto-Gram Newsletter is now a blog. Schneier on Security will have the same content as the newsletter but will be updated more frequently. The same great security news and advice will now be available in a more familiar, easily searchable form. If you are interested in computer security, be sure to check the site out.
Security is not a priority at Friendster. Well, at least that’s what they told Annalee Newitz for the June issue of Wired. Jason Kottke discovered that they had asked Wired to revise their quote, however. The revised article states that security is a big concern. Somehow I still don’t believe this. Friendster has enough work on its plate just to keep their slow site up and running that I doubt they have time to properly deal with security.