SSH key question

Chris Green cl at isbd.net
Fri Dec 11 09:42:01 UTC 2020


On Thu, Dec 10, 2020 at 05:52:01PM -0800, MR ZenWiz wrote:
> On Thu, Dec 10, 2020 at 2:26 PM Chris Green <cl at isbd.net> wrote:
> >
> :
> > When you run ssh-key-gen do you provide a passphrase for the generated
> > key or do you just hit return when asked?  If you just hit return then
> > the key is 'passphraseless'.
> >
> Are you saying I should use the 'passphraseless' key?  I don't give it
> one because I don't want to have one.
> 
If the key is 'passphraseless' then you don't need to provide the
passphrase when you use it to login to a remote ssh server.  However it
means that anyone with access to your system can get the key and use
it themselves for remote access.  If you provide a passphrase for the
key then the system will ask for it when you use the key, an 'agent'
of some sort remembers the key/passphrase for the duration of your
session and thus you don't have to repeatedly enter the passphrase
every time you use the key.

Many systems allow you to configure them so that the passphrase for
your ssh keys is the same as your login password and thus your key(s)
can be automatically decrypted and kept in the agent when you log in.

That's what my original question was asking, if you had provided a
passphrase to the key which matched your login password on one system
but not on the other you might see the symptoms you describe because
the key would get automatically decrypted on one system but not on the
other.

-- 
Chris Green




More information about the ubuntu-users mailing list