Debian world - apt sucks. For something with a sole purpose of resolving a dependency tree, it’s surprisingly bad at that.
Redhat world - everything is soooo old. I can see why business people like it, but I rarely, if ever, agree with business people.
Opensuse world - I’ve only tried it once, probably 15 years ago. Didn’t really know my way around computers all that much at the time, but it didn’t click and I’ve left it. Later on I found out about their selling out to Microsoft and never bothered touching it again.
Arch - it was my daily for a year or two. Big fan. It still runs my email. At some point the size of packages started to annoy me, though. Still has the best wiki. I’ve never really bothered with the spinoffs, as the model of Arch makes them useless and more problematic to deal with.
I’ve got the Gentoo bug now. For the first time I genuinely feel ~/. A lean, mean system of machines :)
Yes, it can be done. Not to the point of deleting your key (that makes no sense - you need the key), but ssh-agent is what you want. Add it to your shell config and it will only ask to be unlocked once per however often you define.
I have this function defined and called:
```bash
function ssh-agent-setup() {
    # SSH agent: share one agent between shells via a fixed socket path and a pidfile
    pid_file="$HOME/.ssh/ssh-agent.pid"
    SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"
    if [ -z "$SSH_AGENT_PID" ]
    then
        # no PID exported, try to get it from pidfile (which may not exist yet)
        SSH_AGENT_PID=$(cat "$pid_file" 2> /dev/null)
    fi

    # an empty PID means there is nothing to probe, so treat it as "not running"
    if [ -z "$SSH_AGENT_PID" ] || ! kill -0 "$SSH_AGENT_PID" &> /dev/null
    then
        # the agent is not running, start it
        rm -f "$SSH_AUTH_SOCK" &> /dev/null
        >&2 echo "Starting SSH agent, since it's not running; this can take a moment"
        eval "$(ssh-agent -s -a "$SSH_AUTH_SOCK")"
        echo "$SSH_AGENT_PID" > "$pid_file"

        >&2 echo "Started ssh-agent with '$SSH_AUTH_SOCK'"
    fi
    export SSH_AGENT_PID
    export SSH_AUTH_SOCK
}

ssh-agent-setup
```
This way it stores the unlocked key in memory until the end of the session.
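A variant of the setup above, added here as an example and not part of the original comment: it asks the agent itself whether it is alive through the `ssh-add -l` exit status rather than trusting a pidfile (a stale PID can belong to an unrelated process), and starts the agent with `-t` so unlocked keys expire. The names `agent_state`, `agent_setup`, `AGENT_SOCK` and `AGENT_LIFETIME`, and the 1h default, are assumptions.

```sh
# Added example, not the commenter's code. All names below are hypothetical.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/ssh-agent.sock}"
AGENT_LIFETIME="${AGENT_LIFETIME:-1h}"   # assumed default: keys expire after 1 hour

# Report the agent's state from the ssh-add -l exit status:
#   0 = reachable with keys loaded, 1 = reachable but no keys, 2 = unreachable.
agent_state() {
    rc=0
    SSH_AUTH_SOCK="$AGENT_SOCK" ssh-add -l > /dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo dead ;;
    esac
}

# Start an agent on the fixed socket only when none answers there.
agent_setup() {
    if [ "$(agent_state)" = dead ]; then
        # Remove a leftover socket file and make sure the directory is private.
        rm -f "$AGENT_SOCK"
        ( umask 077; mkdir -p "$(dirname "$AGENT_SOCK")" )
        # -t caps the lifetime of every key added later, so an unlocked key
        # does not stay in memory indefinitely.
        eval "$(ssh-agent -s -t "$AGENT_LIFETIME" -a "$AGENT_SOCK")" > /dev/null
    fi
    # When an agent was already running, SSH_AGENT_PID stays unset; it is only
    # needed for 'ssh-agent -k', the socket is what clients use.
    SSH_AUTH_SOCK="$AGENT_SOCK"
    export SSH_AUTH_SOCK
}

# In a shell config file, call: agent_setup
```

After `agent_setup`, a state of `empty` means the agent is up but locked out of keys, so the next `ssh-add` prompts for the passphrase once and the key is dropped when the lifetime runs out.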
I can show/help you how to self host for about $6/month + $10-15/year, if you’re interested. Could be cheaper if you’re willing to bet on a less reliable cloud provider.
Pulled pork. And then I wonder why I don’t do it more often, and then remember that I prefer a homemade one, and then I realise: ain’t nobody got time for that :( https://i.imgflip.com/1f0umb.jpg
This doesn’t affect websites as such - it’s the end clients, i.e. browsers that would be forced to accept gov issued CAs. I don’t see anyone going after TOR as it’s already a very niche thing, so it should be fine.