Linux.com

use ssh-agent & ssh-add instead of null passph

Posted by: Anonymous Coward on March 20, 2004 12:42 PM
It's just silly to use a null passphrase!
The ssh toolchain comes with tools that allow one to enter the passphrase to the key only once while using it for multiple logins.
In bash, simply enter
# eval $(ssh-agent)
# ssh-add

and now you can ssh to wherever your key allows you to and you don't have to enter your passphrase. [All child-processes of this particular shell have access to the ssh-agent which stores the key in memory].
When you are done, you unload the key from memory by entering
# ssh-add -D
and the key is thereby unusable to anybody that does not know its long passphrase.

As long as the key is in memory, it's up to the user to ensure the physical integrity of the shell where the ssh-agent is running, and unload the key from memory before leaving the computer for lunch.
A key with a null passphrase can, however, be of potential use to anybody at any time!

The ssh toolchain is meant to increase security. Please don't teach people silly things such as using null-passphrase keys when there are much better alternatives which do not lead to decreased security.

If ssh-agent and ssh-add are not sufficient, I suggest you look at keychain:
http://www.gentoo.org/projects/keychain/
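As an added example (not from the comment above or from OpenSSH itself), a POSIX sh wrapper around the same workflow: it starts a private agent, loads the key with a lifetime so it expires even if `ssh-add -D` is forgotten, and wipes the agent when the shell exits. The helper names and the default key path are assumptions of this example.

```shell
#!/bin/sh
# Added example: run a command inside a short-lived ssh-agent and make sure
# the key is unloaded afterwards. Helper names and paths are assumptions.

# Pull SSH_AUTH_SOCK and SSH_AGENT_PID out of `ssh-agent -s` output without
# eval'ing it. Prints "sock pid" on one line; returns 1 if either is missing.
agent_vars_from_output() {
    sock=$(printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p')
    pid=$(printf '%s\n' "$1" | sed -n 's/^SSH_AGENT_PID=\([^;]*\);.*/\1/p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    printf '%s %s\n' "$sock" "$pid"
}

# Count identities in `ssh-add -l` output; 0 when the agent is empty or
# unreachable (those messages do not start with a key length).
loaded_key_count() {
    case $1 in
        "The agent has no identities."*) echo 0 ;;
        *) printf '%s\n' "$1" | grep -c '^[0-9]' ;;
    esac
}

# Run "$@" with a fresh agent. The key is valid for 10 minutes (-t) and the
# agent is emptied and killed on exit, even if the command is interrupted.
run_with_agent() {
    key=${SSH_KEY:-"$HOME/.ssh/id_ed25519"}   # assumed default key path
    out=$(ssh-agent -s) || return 1
    vars=$(agent_vars_from_output "$out") || return 1
    SSH_AUTH_SOCK=${vars%% *}
    SSH_AGENT_PID=${vars##* }
    export SSH_AUTH_SOCK SSH_AGENT_PID
    trap 'ssh-add -D >/dev/null 2>&1; kill "$SSH_AGENT_PID" 2>/dev/null' EXIT INT TERM
    ssh-add -t 600 "$key" || return 1        # passphrase is asked once, here
    echo "keys loaded: $(loaded_key_count "$(ssh-add -l 2>&1)")"
    "$@"
}
```

Usage: `SSH_KEY=~/.ssh/id_ed25519 run_with_agent ssh user@host uptime`; adding `-c` to the `ssh-add` line additionally prompts for confirmation on every use of the key (requires an askpass program).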

Return to Using key-based authentication over SSH