I'm considering setting up ssh keys to access my servers. If my
understanding is correct, it is strongly advised to use a passphrase (to
encrypt the private key, I think!) as otherwise anyone getting hold of the
private key file will have unfettered access to the servers!
But it is also suggested that ssh-agent (or keychain, etc.) is used to manage
passphrases - so that one does not have the trouble of keying in a long
passphrase every time! I feel this defeats the very purpose of a passphrase!!
A person getting hold of the ssh-agent config file (or whatever file holds
the passphrase) can just as easily access the servers!!
Am I missing something here??
thanks,
mano
--
Lord, give us the wisdom to utter words that are gentle and tender, for
tomorrow we may have to eat them.
-Sen. Morris Udall