Another way to protect your SSH keys
Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use one to protect your SSH keys.
There's still hope! Here's a way to make it possible to use a key without having access to it, meaning that if your workstation gets hacked, the key can't be stolen.
No TPM, but the key can't be stolen anyway? Surely this is an elaborate ruse? Well, yes, it is.
My idea is that you essentially bounce off of a Raspberry Pi.
But doing that the straightforward way is too easy. I've instead written an SSH proxy, and will show
you how to bounce off of it automatically. You could achieve the same by setting up a second SSH server
(or the same one) and hacking around with PAM and a restricted shell. But this solution
can be run as any user, with just the binary and the set of key files. Very simple.
The goal here is to log in to shell.foo.com from your workstation via
a Raspberry Pi. The workstation SSH client presents its SSH...
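For comparison, here is the plain-OpenSSH variant of the bounce mentioned above (a restricted account on the Pi rather than the author's proxy binary). This is an added example, not code from the post; it assumes a Pi user named `pi`, an onward key stored only on the Pi at `/home/pi/.ssh/shell_foo_ed25519`, and a separate workstation key `~/.ssh/id_bounce_ed25519` that is only good for reaching the Pi.

```shell
#!/bin/sh
# Added example, not the author's proxy. Assumed names: Pi user "pi",
# onward key /home/pi/.ssh/shell_foo_ed25519 (never leaves the Pi),
# workstation key ~/.ssh/id_bounce_ed25519 (only trusted by the Pi).
REMOTE_HOST="shell.foo.com"
PI_KEY="/home/pi/.ssh/shell_foo_ed25519"

# Build the authorized_keys entry for the Pi account. "restrict" turns off
# port/agent/X11 forwarding; "pty" re-enables a terminal for the interactive
# login; "command=" forces the onward hop, so a stolen workstation key can
# only ever open a session to shell.foo.com and cannot read PI_KEY.
pi_authorized_keys_line() {
    case "$1" in
        ssh-*|ecdsa-*|sk-*) ;;                 # must look like a public key
        *) echo "not a public key line: $1" >&2; return 1 ;;
    esac
    printf 'restrict,pty,command="ssh -i %s -o BatchMode=yes %s" %s\n' \
        "$PI_KEY" "$REMOTE_HOST" "$1"
}

# Workstation-side ssh_config: "ssh shell.foo.com" actually connects to the
# Pi, which hops onward. The host key the workstation sees is the Pi's; the
# Pi's own known_hosts is what verifies shell.foo.com.
workstation_ssh_config() {
    cat <<EOF
Host $REMOTE_HOST
    HostName raspberrypi.local
    User pi
    IdentityFile ~/.ssh/id_bounce_ed25519
    IdentitiesOnly yes
EOF
}

# Constructed sample workstation public key (not a real key).
WS_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKey workstation"
pi_authorized_keys_line "$WS_PUBKEY"
workstation_ssh_config
```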