[maximilian]

Can anyone comment on why password-less ssh-keys are bad? ("#11: Never ever use passphrase free key (passphrase key less) login.")

I usually figure that it just generates some random number based on the time + salt and that is more secure (brute-force attack-wise) than any silly password I could come up with myself.

[dkokelley]

The password is not what is used to authenticate to the ssh remote. The ssh private key is still used, it's just locked on the client side. You unlock the private key with the passphrase, and then use the unlocked (unencrypted) key to authenticate to the remote.

By using a password-free key, your private key is sitting in plain text on your local machine, which is a potential security risk.

(Apologies is your question is more nuanced than my understanding.)

[maximilian]

So, the private key is encrypted on the client side, which requires that the user type their key-password in, so that the client can send the private key in order to authenticate?

I generally use ssh keys so that I dont have to type my password in 50 times a day. Can this be done with a key-password, or does this defeat the entire purpose of having a key-password?

[wiredfool]

You can add it to ssh-agent, and it will be kept open for new connections to use.( and, even allow you to extend the keyed login to the next hop) Some desktops will do this automatically, Some are setup to ask for the password each time.

[jiggy2011]

Something I've considered doing is creating a truecrypt volume and somehow sticking all of my pre-shared keys and stored credentials in there, for SSH keys , wifi keys , lastpass & dropbox credentials etc.

So I can mount the volume and be logged automatically into everything then dismount when I'm done.

It's just the pain of rounding all of the various files up.

[sneak]

Or just use ssh-agent, encrypt your key, and store everything per-file encrypted in Dropbox like everyone else does.

OSX Keychain stores wifi keys encrypted on disk with a key derived from your user account password.

The only passwords I need to remember are my for my GPG key, my ssh key, Dropbox, and 1Password. Oh, and my user account.

[jiggy2011]

I'd rather not use per file encryption with dropbox because that could break syncing in big files.

The idea would be to have everything auto-login when the drive is mounted and nothing auto-login when it is not.

[cnvogel]

Besides the reference made by "wiredfool" about ssh-agent further down (which remembers the decrypted keys once you've entered the corresponding password so that other ssh sessions can use them without bothering you again, and: this connection can also be forwarded through consecutive ssh-sessions!)...

- You can mitigate the danger arising from unencrypted ssh-keys laying around by either generating special-purpose users for a certain task, or...

- you can set restrictions on what a certain ssh-key is allowed on the target host. This is described in the sshd(8) manual page, section "AUTHORIZED_KEYS FILE FORMAT".

Of course the other remedy against having to type passwords repeatedly is to use the pretty "ControlMaster" feature: The 2nd and following ssh-session re-uses the already authenticated channel of the first ssh connection. (ssh_config(5) manual page, section on ControlMaster).

[dredmorbius]

That key by itself becomes a valid access token.

If someone snarfs your key from local storage, they are you. They don't need a 2nd secret (the passphrase) to unlock the key.

If you use methods such as ssh-agent, you get all the convenience of a passwordless key (save the entering the passphrase into the agent) without the security risks.

You may find it necessary to use passwordless keys for some server processes, say, Nagios authentication or running remote jobs between servers. So long as you isolate these keys, restrict access to known hosts / IP ranges, etc., you're fairly well covered. Forced commands are another option to reduce the risk of such keys, though these aren't always appropriate.

[leejoramo]

If you don't use passwords on your keys, then any one who can access the key files on your local system, could access the remote server. Not using passwords removes an important layer of security.

That said, often you need to have password-less keys in order for systems to automatically communicate. For example, I setup backup servers without passwords.