![]() ![]() ![]() The most secure way is to use different passwds for different ssh key-pairs. So in this situation, One key-pair and Multi key-pairs are the same. Without passwd, if our system is intruded by someone, then the breaker can get all of our private-keys and config, also the authentication of remote servers. The following table gives a simple rank about security (larger number means more secure): Security Ways to goĢ Multi SSH key-pairs (WITH passwd) (SAME passwd)ģ Multi SSH key-pairs (WITH passwd) (DIFF passwds) And let's assume all key-pairs and the config file are stored in ~/.ssh/. When we create a SSH key pair, we are asked for providing a passphrase to add a more layer to protect the private-key, as following: $ ssh-keygen -t rsa -b 4096 -C 'With_OR_Without_Passwd'Įnter file in which to save the key (/Your/HomeDir/.ssh/id_rsa):Įnter passphrase (empty for no passphrase):Īlthough there is an explicit prompt asking for passphrase, but some (or many) people still focus more on the information in brackets: (empty for no passphrase), and following that suggestion.Ĭombining whether or not using multiple SSH key pairs and whether or not enter additional passwd, we have at least four ways to go. I think reasonable can be considered from two different angles: security and convenience. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |