Forget SSH passphrase upon laptop suspend
calendar Dec. 21, 2015   category  bash   comments  comments


When you are already using a passphrase on your private SSH key (you should!), once you've entered the passphrase it will be remembered until you either logout or reboot. But most people who're using laptops only reboot when they've just updated major system components and rarely (if ever) log out.

So to secure your SSH sessions even more, add the contents of this little script to /usr/lib/systemd/system-sleep/forget-ssh.sh and make it executable:

 

#!/bin/bash
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh /usr/bin/ssh-add -D

 

Replace the value of SSH_AUTH_SOCK with whatever suits your environment (hint: execute 'env' to see more information about your current environment session).

Reload systemd:

 

# systemctl daemon-reload

 

And now every time your laptop goes into suspend (usually when closing the lid) or hibernates, all passphrases entered for your private SSH keys will be magically forgotten.



tags  security , bash , ssh
Share: