Next Previous Contents

5. SSH Keys with a passphrase

Well that that was not too bad was it? But isn't this a bit insecure, anyone who where to gain access to my console would be able to log in to remote systems using your keys. Or what if I lost my key, the finder would be able to access every system on which I installed my public key.

To sort out this problem we can use a passphrase on our key. This does nothing more than configuring your key so that you have to enter a passphrase to use it. So every time you want to use your key with ssh, you'll have to enter this passphrase. Lets give that a shot.

First we generate the key with ssh-keygen". When asked for a passphrase you can enter your passphrase to add it to the key. Remember, the longer and stronger you make your password, the harder it will be for any malicious h4x0r (or government agency) to decrypt it. Save the key to /home/username/.ssh/indentity as recommended by the ssh-keygen program. In the case you want to create an SSH protocol 2 key, you wil need to specify which encryption method you want to use.

A brief example of creating the keys can be found below. First we will try and create an SSH 1 key

5.1 Generating the keys

Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/dave/.ssh/identity): /home/dave/.ssh/identity
Enter passphrase (empty for no passphrase): *enter your passphrase here*
Enter same passphrase again: *repeat your passphrase*
Your identification has been saved in /home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/
The key fingerprint is:
24:bc:0b:fs:f5:06:1d:c0:05:3a:59:09:e3:07:8a:8d dave@caprice

It works the same way for SSH 2, only in this case you will have to specify which method to use. This could be like this: ssh-keygen -t dsa or ssh-keygen -t rsa

5.2 Testing the setup

To test this setup, we will have to put the public key on the remote server again since we created a new one. After that use the command "ssh -v -i .ssh/identity" to test it. The ssh program will ask you for the passphrase for the user@system key file. After you enter your passphrase, it will load the key and use it to authenticate you using ssh.

Remember that you can use a passphrase instead of a password to use for your keys, so use these features and let your crypto protect you!

Next Previous Contents