SSH key question

Steven Mainor steve at degga.net
Mon Dec 21 20:53:45 UTC 2020



On 2020-12-11 04:42, Chris Green wrote:
> On Thu, Dec 10, 2020 at 05:52:01PM -0800, MR ZenWiz wrote:
>> On Thu, Dec 10, 2020 at 2:26 PM Chris Green <cl at isbd.net> wrote:
>> >
>> :
>> > When you run ssh-keygen, do you provide a passphrase for the generated
>> > key or do you just hit return when asked?  If you just hit return then
>> > the key is 'passphraseless'.
>> >
>> Are you saying I should use the 'passphraseless' key?  I don't give it
>> one because I don't want to have one.
>> 
> If the key is 'passphraseless' then you don't need to provide the
> passphrase when you use it to log in to a remote ssh server.  However, it
> means that anyone with access to your system can get the key and use
> it themselves for remote access.  If you provide a passphrase for the
> key then the system will ask for it when you use the key; an 'agent'
> of some sort remembers the key/passphrase for the duration of your
> session and thus you don't have to repeatedly enter the passphrase
> every time you use the key.
> 
> Many systems allow you to configure them so that the passphrase for
> your ssh keys is the same as your login password and thus your key(s)
> can be automatically decrypted and kept in the agent when you log in.
> 
> That's what my original question was asking, if you had provided a
> passphrase to the key which matched your login password on one system
> but not on the other you might see the symptoms you describe because
> the key would get automatically decrypted on one system but not on the
> other.
> 
> --
> Chris Green

It is important to note that the key is simply stored in a file in your 
home directory, usually '~/.ssh/', so any application running as your user 
has access to it. That is why it's important to have that file 
encrypted with a password, so that a single misbehaving program doesn't 
steal the file. A remote attacker would then have access to your 
devices/servers.

---
Steven Mainor
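
To check which private keys under '~/.ssh/' are stored without a passphrase, the following added example (not part of the original thread) reads the key file headers: new-format OpenSSH keys record the cipher name right after the `openssh-key-v1` magic, and legacy PEM keys carry a `Proc-Type: 4,ENCRYPTED` line. The function names and the `make_sample` helper are illustrative, and the sample it builds is a constructed header, not a real key.

```python
import base64
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # start of the decoded body of a new-format OpenSSH key

def classify_private_key(text):
    """Return 'encrypted', 'unencrypted' or 'not-a-private-key' for a key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        return "not-a-private-key"
    label = first[len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 container, encrypted by definition
        return "encrypted"
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM (RSA/EC/DSA) announces encryption in a Proc-Type header line.
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "encrypted" if enc else "unencrypted"
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return "not-a-private-key"
    # After the magic comes a 4-byte length and the cipher name; "none" = no passphrase.
    off = len(MAGIC)
    n = int.from_bytes(blob[off:off + 4], "big")
    cipher = blob[off + 4:off + 4 + n]
    if not blob.startswith(MAGIC) or n == 0 or len(cipher) != n:
        return "not-a-private-key"
    return "unencrypted" if cipher == b"none" else "encrypted"

def audit_ssh_dir(directory="~/.ssh"):
    """Map each private key file name in the directory to its classification."""
    root, found = Path(directory).expanduser(), {}
    for path in sorted(root.iterdir()) if root.is_dir() else []:
        if path.is_file():
            kind = classify_private_key(path.read_text(errors="replace"))
            if kind != "not-a-private-key":
                found[path.name] = kind
    return found

def make_sample(cipher):
    """Constructed sample: a new-format header with the given cipher name, not a usable key."""
    body = MAGIC + len(cipher).to_bytes(4, "big") + cipher + b"\0" * 8
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, kind in audit_ssh_dir().items():
        print(f"{name}: {kind}")
```

A key reported as unencrypted can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`.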