I Stopped Trusting SSH Key Files
6 hours ago
- #ssh security
- #biometric authentication
- #secure enclave
- Generate SSH keys in the iPhone's Secure Enclave, which never exposes private keys to the system and requires biometrics for use.
- Disable password authentication on servers to prevent brute-force attacks, which are common globally.
- Hardware-based keys are non-exportable and device-bound, which does more for real-world security than the choice of algorithm, such as Ed25519.
- Each device must have its own unique key, so revoking a lost device only requires removing that device's one line from `authorized_keys`.
- The setup process is quick and ensures private keys are only stored in tamper-resistant hardware, providing high security without ongoing effort.
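
The one-key-per-device and one-line-revocation points above, as an added example (not code from the original article): a Python helper that fingerprints each `authorized_keys` entry, flags a key shared by more than one device, and revokes a single device by fingerprint. The sample file, its key blobs and the device comments are constructed placeholders, and the parser assumes option strings do not themselves contain a key-type token.

```python
import base64, hashlib, re

# Key type, base64 blob, optional comment; any leading options are skipped.
KEY_RE = re.compile(
    r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse(text):
    """Yield (line_no, fingerprint, comment) for every key line."""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = KEY_RE.search(stripped)
        if m:
            yield no, fingerprint(m.group(2)), m.group(3) or ""

def shared_keys(text):
    """Fingerprints present on more than one line (a key copied between devices)."""
    seen = {}
    for _, fp, comment in parse(text):
        seen.setdefault(fp, []).append(comment)
    return {fp: names for fp, names in seen.items() if len(names) > 1}

def revoke(text, fp):
    """Return the file content without the line(s) carrying fingerprint fp."""
    drop = {no for no, f, _ in parse(text) if f == fp}
    kept = [l for no, l in enumerate(text.splitlines(), 1) if no not in drop]
    return "\n".join(kept) + "\n"

def _blob(label):
    # Constructed stand-in for a real public key blob.
    return base64.b64encode(label.encode()).decode()

# Constructed sample: "laptop" and "tablet" wrongly share one key.
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    f"ecdsa-sha2-nistp256 {_blob('phone-key')} iphone",
    f"no-port-forwarding ecdsa-sha2-nistp256 {_blob('laptop-key')} laptop",
    f"ecdsa-sha2-nistp256 {_blob('laptop-key')} tablet",
]) + "\n"
PHONE_FP = fingerprint(_blob("phone-key"))
```

Matching on the fingerprint rather than the comment means a renamed or missing comment cannot cause the wrong line to be removed.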