How many keys can I store inside a laptop's TPM? Is there a limit? I have hundreds of SSH key pairs, one for each thing I connect to. My .ssh/config file defaults to a nonexistent key for all hosts, except for hosts configured elsewhere in the file, where each host gets its own IdentityFile entry.
It has 6.3 Kb or something of memory. So not a lot.
What `ssh-tpm-agent` does is that it simply doesn't store the keys on the TPM at all. It creates the ephemeral SRK, then load a sealed private key back into the TPM that allows us to use it.
So you can have a couple hundred SSH key pair this way.
It's not terribly complex, and it's all scripted. I don't like my identity being trackable across services, or across areas of my life. For instance, dickheads have created databases of public keys scraped from services like github, which can be used to identify the vast majority of github users whenever they ssh into some other service. By default, the ssh client will try to authenticate with every available keypair until it finds a match, which can further leak information about you(r machine).
Yes, I understand the attack, but what is the threat? You are already uniquely identifying yourself to each of these servers. What is the threat to you if your identity is correlated between them? You probably have the same username on many of them, no?
It seems like privacy cosplay to me, tbh. I'm genuinely curious what type of threat it actually protects against, if any. What happens when two different systems you ssh into knows it's elric on both?
