On 10/08/2018 16:03, Roman Mamedov wrote:
But I'd feel a lot happier if a second level of authentication were required to establish a wireguard connection, if no packets had been flowing for more than a configurable amount of time - say, an hour. It would give some comfort around lost/stolen devices.Couldn't you just encrypt your home directory? Or even the root FS entirely. Either of those should be a must on a portable device storing valuable information.But by analogy, would you say that SSH keys and PGP keys don't need protection by a passphrase?