SSH keys without passphrases are just fancy credential files sitting in your .ssh/ directory, basically like writing your passwords on paper and leaving it in your desk drawer.
Take a look at ssh-agent. It’s bundled with ssh-client and designed to solve this problem.
The quick usage is, create a terminal and run:
eval `ssh-agent`
ssh-add /path/to/your/encrypted/key1
#type in password
ssh-add /path/to/your/encrypted/key2
...
# all commands in this terminal will use the keys above w/o asking you for a password
git clone[email protected]...
git push...
etc
So, basically you type your credentials once during the life cycle of your terminal.
If you really want to go full power-user, simple run ssh-agent (without the eval) and you’ll see it just sets some env-vars, which can be imported into any terminal/shell you have open.
So, if you put some logic in your shells rc file, you can effectively share a single ash-agent between all your shells, meaning you just need to type your password for your keys once when you log into your system… and your now passwordless for any future terminals you create (this is my setup).
Also, if you’re interested take a peek at the man pages for ash-agent. It has a few interesting features (ie: adding a password lock for your agent, removing keys from the agent, etc).
I had mine on paper for years before i learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.
I am a lot more careful these days but that is not beyond the pale for a lot of folks haha
SSH keys without passphrases are just fancy credential files sitting in your
.ssh/directory, basically like writing your passwords on paper and leaving it in your desk drawer.Yeah, but who wants to type in a password everytime they push/pull?
Take a look at
ssh-agent. It’s bundled with ssh-client and designed to solve this problem.The quick usage is, create a terminal and run:
eval `ssh-agent` ssh-add /path/to/your/encrypted/key1 #type in password ssh-add /path/to/your/encrypted/key2 ... # all commands in this terminal will use the keys above w/o asking you for a password git clone [email protected]... git push... etcSo, basically you type your credentials once during the life cycle of your terminal.
If you really want to go full power-user, simple run
ssh-agent(without the eval) and you’ll see it just sets some env-vars, which can be imported into any terminal/shell you have open.So, if you put some logic in your shells rc file, you can effectively share a single ash-agent between all your shells, meaning you just need to type your password for your keys once when you log into your system… and your now passwordless for any future terminals you create (this is my setup).
Also, if you’re interested take a peek at the man pages for ash-agent. It has a few interesting features (ie: adding a password lock for your agent, removing keys from the agent, etc).
I do it.
Every time.
And I keep a wired keyboard for it.
I had mine on paper for years before i learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.
I am a lot more careful these days but that is not beyond the pale for a lot of folks haha