by jvoorhis
3636 days ago
You're answering the wrong question. They're asking about a passphrase for an SSH key, not OS user accounts. Adding a passphrase to your SSH private key is a best practice but not easily enforced without some manual process or command and control for sysadmin workstations. Hardware tokens containing private keys and used via PKCS#11 are another option for providing some assurance. The token itself can require a PIN.
If you select an easy passphrase for your key, it's similar to selecting a weak password for your bank account when your bank doesn't enforce password constraints. Buyer beware.
An ideal solution would be a two-factor key encryption. That would require the two-factor key to unlock the private key. There might be something out there like that. I haven't looked though.