On Wed, Nov 30, 2005 at 12:37:19PM -0800, Mike Leo wrote:
There are conflicting doc's at this point...some say you need an ssh-agent, some don't mention it. Some use passphrases, some don't. But if i have to enter an ssh passphrase everytime, why not just use the account password?
Passwords get sent tunneled through the encrypted SSH connection. A trojaned ssh server could steal your password. Passphrases and private keys are never sent anywhere outside of your box (unless you want them to). If an account password gets compromised, you may have to change it on many boxes, and it may be shared with other unrelated accounts elsewhere. If a passphrase gets compromised, it doesn't allow anyone to do anything without your private key file--you need both the private key and the passphrase. You can share your passphrase for many different private keys, but still have different passwords on unrelated remote systems. You can cache the passphrase in the memory of your local box (ssh-agent) so you don't need to enter anything to ssh to remote boxes. Using a private key with a blank passphrase means someone could steal your private key file and use it to log in as you. This weakens the requirement for having to steal both the private key and the passphrase. Since the private key sits on disk for a long time, someone down the road could steal it and you may never know. This is even worse if you use a network filesystem for your home directory. The passphrase encrypts your private key.