23 Aug 2015
NOTE: This is a “retroposted” article – I originally created and wrote this in the summer of 2015, but now (30 Nov 2019) I’m revising it and merging it into my new blog system. There was some discussion about this on Hacker News at the time. The concept here is a bit useless now (everyone’s got an SSH client on their phone, right?), but I think it’s a neat thing to have, just in case.
This article outlines a system of “single-use SSH keys” – SSH keys
which, when used to log in, automatically delete themselves from the
user’s authorized_keys file.
Say you’re stranded without a laptop, but you need to SSH into a remote box for some urgent maintenance. You could carry a flash drive around with a long-term SSH key, but would you trust that to a public computer?
This issue could be partially resolved with a “disposable” SSH key – a key that can only be used to log in once (ideally you’d never have to do this – but the world is non-ideal[citation needed]). The idea is that you’d generate one or two keys in advance and use them as needed in situations like the one above.
Each key in a user's .ssh/authorized_keys file can be
modified to run a command when the key is used for authentication. This
mechanism can be (ab)used to delete the key from the list after it is
used to log in:
command="sed -i \"/MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0^/d\" $HOME/.ssh/authorized_keys ; $SHELL" ssh-rsa AAAA.... MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0This system is far from perfect. It does not offer any protection against the following:
It does, however, protect against a long-term key from being stolen and being used by an attacker to authenticate later, because a key is rendered worthless after being used.
To automate the process, I've written a simple shell script that automatically generates and sets up some single-use keys.
The script can be downloaded from here.
SHA1: 5a68f99d933003dc4aac17134af5186c65d50efa
MD5: c1e4b1d03d516711f006d96e974ce9e9