Passwordless ssh question


#1

Reading the howto on the dh wiki about ssh says not to use a passphrase? I need to clarify that an id_rsa.pub without a passkey is only good from my machine, and that from any other machine the ssh logon will ask for the regular password. Is this correct?

listenlight.net


#2

setting up a passwordless SSH/SFTP login for your machine will not allow anyone to log into your account without password. When you follow that process you’re creating a file on your computer and on the server. Both of those files have to be there, and I believe it also checks that you’re coming from the same IP Address.

So no need to worry, you’ll be safe. :slight_smile:

–Matttail
art.googlies.net - personal website


#3

You can add an IP address check to the authorized_keys file on the server, but it’s not there by default. (Do man sshd for more info.)

A passphrase protects your private key. The idea is that if someone was to get a hold of your private key file, it would be useless without also knowing the passphrase. If you don’t use a passphrase, then getting a copy of the private key file will give someone the ability to log into the server.