Forget SSH passphrase upon laptop suspend

Dec. 21, 2015 bash comments Dec. 21, 2015

When you are already using a passphrase on your private SSH key (you should!), once you've entered the passphrase it will be remembered until you either logout or reboot. But most people who're using laptops only reboot when they've just updated major system components and rarely (if ever) log out.

So to secure your SSH sessions even more, add the contents of this little script to /usr/lib/systemd/system-sleep/forget-ssh.sh and make it executable:

#!/bin/bash SSH_AUTH_SOCK=/run/user/1000/keyring/ssh /usr/bin/ssh-add -D

Replace the value of SSH_AUTH_SOCK with whatever suits your environment (hint: execute 'env' to see more information about your current environment session).

Reload systemd:

# systemctl daemon-reload

And now every time your laptop goes into suspend (usually when closing the lid) or hibernates, all passphrases entered for your private SSH keys will be magically forgotten.