[KLUG Members] ssh-keygen

Adam Bultman adamb at glaven.org
Mon Mar 12 13:29:26 EST 2007


bert wrote:
>
> Hi all,
>
> When generating an ssh key with ssh-keygen I always use -t DSA.
> On the question to enter a passphrase, I always just press enter twice
> (no passphrase).
> After reading the howto I am not sure anymore if this is the most secure
> choice.
> The howto explains that this passphrase will be used to encrypt the
> private part of this file using 3DES.
> Is this good or bad? So should I enter a passphrase or better not?
>

I enable passworded keys on my workstation at work simply so that if
someone gets into my PC, they still need the password in order to get
to any of the servers I manage.  If you have passwordless SSH to your
servers, you're in trouble. If you have passwordless sudo on your
servers as well, you're hosed!

ssh-ask-pass should remember your ssh passphrase while you're logged
into X (I think I use seahorse-daemon to manage this, as well as my gpg
keys) and you can still do a clear of your password phrase before you go
home / to lunch / whatever.

Adam
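
Added example, not part of either post: a small Python check that reports which private key files in a directory are stored without a passphrase. It reads the legacy PEM layout the question describes (a passphrase adds `Proc-Type: 4,ENCRYPTED` and a `DEK-Info` header naming 3DES) and goes beyond the thread by also reading the cipher field of the newer OpenSSH key format; the function names and sample files are constructed for illustration.

```python
import base64
import struct
from pathlib import Path
MAGIC = b"openssh-key-v1\x00"  # start of the newer OpenSSH private key format

def key_protection(text):
    """Classify private key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("-----BEGIN ")
            or not lines[0].endswith("PRIVATE KEY-----")
            or not lines[-1].startswith("-----END ")):
        return "unknown"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    body = lines[1:-1]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(body))
        except ValueError:
            return "unknown"
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]  # first field is the cipher name
        if len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM: a passphrase adds Proc-Type and DEK-Info (DES-EDE3-CBC = 3DES).
    for ln in body:
        if ln.startswith("Proc-Type:") and "ENCRYPTED" in ln:
            return "encrypted"
        if ":" not in ln:  # headers are over, the base64 body starts here
            break
    return "unencrypted"

def unprotected_keys(directory):
    """Names of files in `directory` that hold an unencrypted private key."""
    return sorted(p.name for p in Path(directory).iterdir() if p.is_file()
                  and key_protection(p.read_text(errors="replace")) == "unencrypted")

def _sample(kind, headers="", payload=b"CONSTRUCTED, not a real key"):
    b64 = base64.b64encode(payload).decode()  # constructed body, no key material
    return f"-----BEGIN {kind} PRIVATE KEY-----\n{headers}{b64}\n-----END {kind} PRIVATE KEY-----\n"

LEGACY_PLAIN = _sample("DSA")
LEGACY_3DES = _sample("DSA", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")
NEW_PLAIN = _sample("OPENSSH", payload=MAGIC + struct.pack(">I", 4) + b"none")
NEW_AES = _sample("OPENSSH", payload=MAGIC + struct.pack(">I", 10) + b"aes256-ctr")
```

Calling `unprotected_keys` on a workstation's `.ssh` directory lists the key files that anyone with access to the disk could use as they are.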
