jerichojyant / usbkey Goto Github PK

josh@[hostname]:~$ usbkey ssh
Enter passphrase for /media/josh/keysandbackups/id_rsa: 
Bad passphrase, try again for /media/josh/keysandbackups/id_rsa: 
SSH key loaded

Note: Locking or shuting down your USBKey will not remove the SSH key
It will persist until you end this terminal session

"It will persist until you end this terminal session" is not exactly accurate. It persists on all terminal sessions that the user successfully ran "usbkey go", "usbkey ssh", or otherwise added it to the ssh-agent. Given the security driven nature of this project, it seems vital to be precise.

Problem

When running the usbkey ssh or usbkey go, the loadSSHKey function will display a success message even if the USBKey is locked or not present. The user is told that the SSH key is loaded, and it is not.

josh@[hostname]:~$ usbkey ssh
/media/josh/keysandbackups/id_rsa: No such file or directory

SSH key loaded
Note: Locking or shuting down your USBKey will not remove the SSH key
It will persist until you end this terminal session

Solution

Change error handling approach in loadSSHKey function to the approach used by the other functions (String comparison with captured command output)

Problem:

When attempting to unlock a USBKey that has already been unlocked and mounted, the script does not check to see if the device is mounted. It instead tries to unlock it again. It handles the resulting error correctly, but it should not ask for a passphrase that's not needed.

josh@[hostname]:~$ usbkey unlock
Passphrase: 

USBKey 'keysandbackups' already unlocked

This is inconvenient and wastes the end user's time. This should be the output:

josh@[hostname]:~$ usbkey unlock
USBKey 'keysandbackups' already unlocked

Solution

The passphrase prompt is given by the udisksctl unlock... command in the bash script's unlockUSBDrive. This command is redundant when the device is already unlocked.

Check to see if the device is mounted using a shell command before running any udisksctl commands and output the "already unlocked" message.

I tried out VS Code when creating usbkey. It does not have spell check by default (I'm spoiled by JetBrains). There are spelling errors in the readme, and the bash script has spelling errors in both the source code and its console output.

It's a quick fix but I'm leaving it open for anyone who's new to GitHub or open source contributions.

The setup for a USBKey isn't that hard -- but it may be intimidating, and users need to understand the dangers as well as be given help showing which device they are about to wipe.

The commands are simple enough that they could be scripted, and with the script giving a warning and a link to an overview, the amount of information needed is minimal -- just the name of the disk (such as "/dev/sda"), and the desired name of the USBKey (such as "keysandbackups"). We could optionally give the user a choice of filesystem (ext4 vs xfs).

The main issue is confirming that the user is hitting the right device, and that could be done through grepping some detailed output about the current disk devices (I found the command while researching this project but forgot what it is... found it: udisksctl info -b /dev/sda might help).

I want to be able to put my USBKey in, run a command, make git/ssh work in my terminal, and then remove my USBKey.