thirdpin / pastilda

open-source password manager

Private ssh-keys storage [new feature] #4

Open approximatenumber opened 8 years ago

approximatenumber commented 8 years ago

This feature may be very useful for Linux engineers, especially for system administrators. They often connect to servers over SSH and use a pair of RSA/DSA keys to log in without a password. The main problem is how to store a private key. So, using pastilda as a secure key storage increases the level of security.

For example, here is one of my private keys, which may be stored on pastilda:

melnikov@workpc-324 ~ $ cat .ssh/id_rsa

-----BEGIN RSA PRIVATE KEY-----
()Dsd9sdKSKSKdjaskdkasdkk
ePc5GyECgYEA3+g+XumC8EpfRH8TUna6/xQsj0ntiRabI23pQp3g/Y/9wC56dxoL
QevKT2QyxdX+/syd6Z37SZGhEFZTW/phFtUWzqAmnbD3kPNDgF69YaR19rdgNzAK
pq8Fna4wE2eYNQdsBfrs6K2a0GvwlH+aTvFCrwNf+LHxqIs3AXI+/10=
-----END RSA PRIVATE KEY-----

hexum commented 8 years ago

What are the IPs of the servers this key matches? =)

approximatenumber commented 8 years ago

@hexum I'm not so naive as to paste an unchanged key ;)

hexum commented 8 years ago

Use tokens that have PKCS#11-compatible libs for now. Like Yubikey. I'm using Rutoken, because I'm fucking Russian and have no access to something better. It also works with OpenSC (an open PKCS#11 implementation).

approximatenumber commented 8 years ago

@hexum I'm Russian too, it looks very funny: two Russians speaking English :) Rutoken, Yubikey... Pastilda can compete with all of them in the future, why not.

hexum commented 8 years ago

I'm not a Pastilda developer. Just watching this project. We should wait for an official answer. But I think there are no obstacles to implementing a CCID-compatible smart card reader. A SIM card reader slot must be added to the circuit board.

thirdpin commented 8 years ago

Hi, @approximatenumber! We have finished version 0.1, but we have implemented just basic functionality by now. Very soon we are going to start version 0.2, and we will necessarily come up with how to safely store SSH keys and other important files inside Pastilda!

Thanks for your activity! It's very important for us to receive feedback about our device.