UPDATE: This post's process has been encoded and published in this repo, pivotal/usb-login-scripts. Try out the "scripts-autoexpire" for a similar experience with a few extra features.

Security is something you know, something you have, and something you are.

The commonly agreed-upon tenet of strong security is that it requires a combination of "something you know, something you have, and something you are." Two-factor authentication uses two of those - usually something you know and something you have.

Here's how we've implemented two-factor authentication across the board for our SSH keys using USB keychain drives. This strengthens our access to GitHub repositories and the numerous deployments we manage.

Follow these instructions to increase your security at home and work as well.

We prefer the Kingston DataTraveler drive due to its size and cost.

Once you've found a USB keychain drive to your liking, you'll want to reformat it using macOS's built-in encrypted filesystem. Plug your drive into your computer and open Disk Utility. Select the disk (not the volume) on the left and navigate to the "Erase" tab.

Now, you'll be prompted for your decryption password whenever you insert the drive. Be sure not to save the password into the OS X Keychain.

If you don't already have SSH keys, then you'll want to generate a new set. In fact, it's probably a good idea to use this as a chance to create a fresh set either way, just in case yours have been compromised. You create a new SSH key pair by running ssh-keygen:

    $ ssh-keygen -f /Volumes/keys/id_rsa -C "Tammer Saleh"
    Enter passphrase (empty for no passphrase):
    Your identification has been saved in id_rsa.
    Your public key has been saved in id_rsa.pub.
    Xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx Tammer Saleh

Then add the newly-created public key to your GitHub account.

Script to Load Keys and Eject

At this point, you could use the drive by manually adding the keys to your running agent and ejecting the drive. But that's a lot of typing and feels fairly error-prone. Instead, let's script it.

Create the following script on your drive, and name it load:

    #!/usr/bin/env bash

You will need to mark the script as executable:

    $ chmod +x /Volumes/keys/load

Now, you can simply run /Volumes/keys/load to load your keys and eject the drive automatically.

    $ /Volumes/keys/load
    Enter passphrase for /Volumes/keys/id_rsa: **********
    Identity added: /Volumes/keys/id_rsa (/Volumes/keys/id_rsa)

Finally, you can make an encrypted backup image in case our USB drive shits the bed.

Again, open Disk Utility.
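One way to write the load script described under "Script to Load Keys and Eject", given here as an added example and not the post's own script or the code in pivotal/usb-login-scripts. It assumes the private key is id_rsa in the same directory as the script; SSH_ADD, DISKUTIL and KEY_LIFETIME are hypothetical override variables. It goes slightly beyond the post by refusing a key that group or other can access and by giving the agent a time limit with ssh-add -t.

```shell
#!/usr/bin/env bash
# Added example of a "load" script; not the original post's script.
# Assumptions: the private key is id_rsa next to this script; SSH_ADD,
# DISKUTIL and KEY_LIFETIME are hypothetical overrides (handy for testing).

SSH_ADD=${SSH_ADD:-ssh-add}
DISKUTIL=${DISKUTIL:-diskutil}
KEY_LIFETIME=${KEY_LIFETIME:-8h}   # the agent drops the key after this long

# check_key KEY: succeed only if KEY is a regular file that group and
# other cannot read, write or execute.
check_key() {
  [ -f "$1" ] || { echo "load: no key at $1" >&2; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  mode=$(ls -ld "$1" | cut -c5-10)
  [ "$mode" = "------" ] || {
    echo "load: $1 is accessible to group or other" >&2
    return 1
  }
}

# load_and_eject DIR: add DIR/id_rsa to the running agent, then unmount DIR
# so the encrypted volume is locked again.
load_and_eject() {
  dir=$1
  key=$dir/id_rsa
  check_key "$key" || return 1
  # ssh-add prompts for the key passphrase; -t bounds the key's lifetime.
  "$SSH_ADD" -t "$KEY_LIFETIME" "$key" || {
    echo "load: ssh-add failed, drive left mounted for a retry" >&2
    return 1
  }
  # "force" because this script is itself an open file on the volume.
  "$DISKUTIL" unmount force "$dir"
}

# Run only when installed under the name the post uses ("load").
case "${0##*/}" in
  load) load_and_eject "$(cd "$(dirname "$0")" && pwd)" ;;
esac
```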