Empty #SSH agent before sleep
▻https://etienne.pflieger.bzh/a-ecrit/empty-ssh-agent-before-sleep.html
I use SSH keys to connect to the remote servers I manage. As those keys are password protected and it can be tedious to enter (long, complex) passwords multiple time per day, I setup an agent a long time ago to unlock keys once in the morning and then forget about them.
The only problem I realize recently was that the agent did nothing specific when I put my computer in sleep (going to lunch, answer a call, whatever). This means that all my keys are still loaded in memory and a well equiped attacker might access them. Or if a less equiped attacker discover my session password, he can also log in to any server.
The solution chose is to empty the SSH agent each time my computer goes to sleep. It means that after each resume I have to enter again the keys passwords, but this is a good (...)