To add an extra layer of security, you can add a passphrase to your SSH key. You can use ssh-agent to securely save your passphrase so you don't have to reenter it. You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:. If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase. You can run ssh-agent automatically when you open bash or Git shell. For more information, see " Generating a new SSH key and adding it to the ssh-agent ".
The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process. The first time you use your key, you will be prompted to enter your passphrase. If you choose to save the passphrase with your keychain, you won't have to enter it again. Otherwise, you can store your passphrase in the keychain when you add your key to the ssh-agent.
For more information, see " Adding your SSH key to the ssh-agent. All GitHub docs are open source. I was setting up ssh for github and I found it interesting that in addition to a public and private key, a "passphrase" is also needed. Here is the github documentation. What is the purpose of this "passphrase". The passphrase is used to lock access to the private SSH key. The reason you use keys is to have something more secure than passwords, but a private keyfile without protection will grant access to all your systems to anyone who accesses your computer.
So, the passphrase is there to add an extra security layer. It is simply used as an added precaution so that someone who gains access to your PC or similar does not have complete access to all your files. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams?
Collectives on Stack Overflow. Learn more. What is the passphrase used for in ssh key generation? Ask Question. Asked 6 years, 1 month ago. Create a free Team What is Teams? Learn more. Ask Question. Asked 3 years, 6 months ago. Active 5 months ago. Viewed 37k times. When using ssh-keygen : What is the passphrase for? Why is it optional? What are the security implications of specifying or not specifying one? Improve this question.
Add a comment. Active Oldest Votes. If you use an encrypted key, then: you cannot change the password on the server side, you'll have to generate a new key; someone might crack the key's password undetected, because they can do it offline if the server requires a password, they have to ask the server "is aaaa correct?
Is aaab correct? Improve this answer. Luc Luc Doesn't using a password with a ssh key also prevent someone else using your key when connecting to a remote machine that already has your public key?
I though the password was useful for the situation where a remote server only allows authenticated ssh access ie.
0コメント