[Techtalk] thoughts on OpenSSH key passphrase/ no passphrase

Juliet Kemp juliet at earth.li
Tue Nov 29 04:08:15 EST 2005


On Sun, Nov 27, 2005 at 11:39:43AM -0800, Carla Schroder wrote:
> Being the belt n suspenders type, I always put a passphrase on my SSH
> keys. If I need automatic logins, like cron jobs or I just don't feel
> like typing a lot of dern passphrases, I use the keychain utility.
> (The one drawback to keychain is you have to start over at reboot.)
> 
> Some folks think using public-key authentication without a passphrase
> is more secure than using it with a passphrase. Which does not make
> sense to me.

Nor to me.  Do you have any pointers to anyone's explanation of their
reasoning for this?  

My thought process is (for those logins for which I use keys; some are
just password-only): if someone wishes to break in, they first need to
get my SSH key (i.e. break into my shell account), then they need to
also crack my key passphrase.  That's 2 lots of password-cracking (or
one lot of some-other-variety-of-crack & one lot of password-cracking).  

If I *don't* have a passphrase, they just have to do the first step.

For automatic updates, I use ssh-agent & ssh-add.  So (for example), I
authenticate my personal key for all the boxes I admin every morning
when I log onto my desktop machine.  This does provide one obvious
security problem (if someone breaks into my office while I'm out of it)
which will be reduced significantly just as soon as I get xscreensaver
on Debian to play nicely with NIS+ password authentication :-)  

For root SSH logins (which are passphrase-only on the boxes I'm
responsible for): I use these when I'm running an update/change on every
machine in turn.  So I write the update script (ssh to every box in turn
& execute update/change), log in using ssh-add, run the script, & log
straight out again.  There's a small window where someone who had
already nabbed my key could get in; but they'd also have to spoof their
IP address as the key is authenticated only when coming from my desktop. 


Juliet
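The per-source restriction Juliet describes (a key that is only accepted when the connection comes from her desktop) is the `from=` option in `authorized_keys`, and the "ssh to every box in turn" update run is a loop over a host list with a non-interactive ssh. Here is an added example of both, in POSIX shell; it is not code from the thread, the public key line and host names are constructed for the example, and the `SSH` override variable is an assumption of this script so the loop can be exercised without real hosts:

```shell
#!/bin/sh
# Added example (not from the Techtalk thread). Two helpers for the workflow
# described above: building a source-restricted authorized_keys entry, and
# running one command on every host from an agent-loaded key.

# Print an authorized_keys entry that accepts the key in "$2" only from the
# address or pattern "$1" (sshd's from= option) and turns off forwarding so a
# stolen key is worth less. A stolen key is still usable from a spoofed or
# compromised source address, so this narrows the window rather than closing it.
restricted_key_line() {
    from="$1"
    pubkey_file="$2"
    key=$(head -n 1 "$pubkey_file")
    # Refuse anything that does not look like an OpenSSH public key line
    # (for example a private key file passed by mistake).
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) ;;
        *) echo "not a public key line: $pubkey_file" >&2; return 1 ;;
    esac
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$from" "$key"
}

# Run "$2..." on every host listed in "$1" (one per line; blank lines and
# '#' comments are skipped). BatchMode=yes makes ssh fail immediately when
# the agent does not hold the key instead of prompting for a passphrase.
# Returns the number of hosts that failed. SSH may be set to another command
# (assumed, for testing); it defaults to ssh.
run_on_hosts() {
    hosts_file="$1"
    shift
    failed=0
    while IFS= read -r host; do
        case "$host" in ''|\#*) continue ;; esac
        if ! ${SSH:-ssh} -o BatchMode=yes -o ConnectTimeout=10 "$host" "$@"; then
            echo "FAILED: $host" >&2
            failed=$((failed + 1))
        fi
    done < "$hosts_file"
    return "$failed"
}

# Typical session (commented out so the file can be sourced):
#   eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519   # prompts once for the passphrase
#   run_on_hosts hosts.txt 'sudo apt-get update -q'       # short window, then:
#   ssh-add -D                                            # drop the key from the agent
```

Appending the output of `restricted_key_line` to `~/.ssh/authorized_keys` on each box gives the "only from my desktop" behaviour; `ssh-add -D` at the end of the run is what closes the window Juliet mentions between running the script and logging out.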