33

When using ssh-keygen:
What is the passphrase for?
Why is it optional?

What are the security implications of specifying (or not specifying) one?

Below is an excerpt taken from a shell session (some details may have been altered):

user@localhost:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
60:8b:50:1e:0f:bc:5a:2a:13:1e:83:2b:d9:95:38:9e user@localhost
The key's randomart image is:
+---[RSA 2048]----+
|   .+            |
|   o.+           |
|. ...o+          |
|ooo.=o o         |
|.*oB. . S        |
|*.E              |
|.o               |
|                 |
|                 |
+-----------------+
voices
  • 1,649
  • 7
  • 22
  • 36
  • 2
    as a piece of advise I would tell you to try connecting to a SSH server with using a keyfile and with the `-vvv` option. this would illuminate how this works for you. – LvB Apr 13 '18 at 12:07

2 Answers2

23
$ man ssh-keygen
[...]
It is possible to specify a passphrase when generating the
key; that passphrase will be used to encrypt the private
part of this file using 128-bit AES.

So this passphrase just encrypts the key locally. An attacker with access to your system will not be able to read the private key, because it's encrypted. (They could install a keylogger, though.) If your laptop is stolen for example, your ssh key might still be secure if you have a strong passphrase. Or even with a fairly weak passphrase (so long as it is not trivial), it will buy you some time to revoke the key and roll over to a new one, before the attackers can crack it.

It's optional because you can choose to accept the risk of having it not encrypted in storage. Or perhaps you have disk encryption enabled, which mitigates some of the same attacks (but not all, for example: malware can still steal the key, even with disk encryption; on the other hand, a stolen laptop is still secure unless stolen while running with the key in memory).

The server can require the use of both a public key and a password to log in. The security of this is different from using a password-encrypted public key. If you use an encrypted key, then:

  • you cannot change the password on the server side, you'll have to generate a new key;
  • someone might crack the key's password undetected, because they can do it offline (if the server requires a password, they have to ask the server "is aaaa correct? Is aaab correct?" etc.);
  • someone can crack the key much, much faster because it's an offline attack without network limitations; and
  • the server cannot use something like fail2ban to reject too many login attempts, because the cracking happens offline.
Luc
  • 31,973
  • 8
  • 71
  • 135
  • Doesn't using a password with a ssh key also prevent someone else using your key when connecting to a remote machine that already has your public key? I though the password was useful for the situation where a remote server only allows authenticated ssh access (ie. no user password logins), and as an added level of security requires a password when using the ssh key from the client. – cbcoutinho Apr 13 '18 at 11:24
  • @cbcoutinho I've edited my answer. Does that answer your question? – Luc Apr 13 '18 at 11:48
  • ja voor mij wel - bedankt! – cbcoutinho Apr 13 '18 at 12:14
  • Oh, I didn't see you weren't OP. Oops, I edited the question because I thought OP had an additional question :P – Luc Apr 13 '18 at 12:42
2

Here's the answer I was looking for myself, and could not find until I experimented with both having and not having a passphrase:

When the private key is encrypted, then you have to enter the passphrase every time you need to use it.

Then I learned about the "ssh-agent" daemon/service that can cache the credentials once per login. When I went through this, I was establishing my Gitlab.com connection.

Here is the script of my trying both.

Microsoft Windows [Version 10.0.19042.985]
(c) Microsoft Corporation. All rights reserved.

C:\Users\Administrator>where ssh-keygen
C:\Windows\System32\OpenSSH\ssh-keygen.exe

C:\Users\Administrator>ssh-keygen -t rsa -b 2048 -C "XXXXXXXXXXXX"
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Administrator/.ssh/id_rsa):
Created directory 'C:\Users\Administrator/.ssh'.
Enter passphrase (empty for no passphrase):           <=====  here I did NOT use a passphrase
Enter same passphrase again:
Your identification has been saved in C:\Users\Administrator/.ssh/id_rsa.
Your public key has been saved in C:\Users\Administrator/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:------------------------------------------- XXXXXXXXXXXX
The key's randomart image is:
+---[RSA 2048]----+
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
|  xxxxxxxxxxxxx  |
+----[SHA256]-----+

C:\Users\Administrator>cat %userprofile%/.ssh/id_rsa.pub | clip

    NOTE:
    NOTE:   at this point I navigated to gitlab in my browser, and pasted the key
    NOTE:

C:\Users\Administrator>ssh -T git@gitlab.com
The authenticity of host 'gitlab.com (172.65.251.78)' can't be established.
ECDSA key fingerprint is SHA256:-------------------------------------------.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'gitlab.com,172.65.251.78' (ECDSA) to the list of known hosts.
Welcome to GitLab, @<username>!

C:\Users\Administrator>ssh -T git@gitlab.com
Welcome to GitLab, @<username>!

C:\Users\Administrator>ssh-keygen -p
Enter file in which the key is (C:\Users\Administrator/.ssh/id_rsa):
Key has comment 'XXXXXXXXXXXX'
Enter new passphrase (empty for no passphrase):       <=====  here I DID use a passphrase
Enter same passphrase again:
Your identification has been saved with the new passphrase.

    NOTE:
    NOTE:   now I'm prompted every time
    NOTE:

C:\Users\Administrator>ssh -T git@gitlab.com
Enter passphrase for key 'C:\Users\Administrator/.ssh/id_rsa':
Welcome to GitLab, @<username>!

C:\Users\Administrator>ssh -T git@gitlab.com
Enter passphrase for key 'C:\Users\Administrator/.ssh/id_rsa':
Welcome to GitLab, @<username>!

    NOTE:
    NOTE:   set up the service to run (it is disabled by default)
    NOTE:

C:\Users\Administrator>sc config ssh-agent start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Administrator>sc start ssh-agent

SERVICE_NAME: ssh-agent
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 9508
        FLAGS              :

    NOTE:
    NOTE:   will still get prompt, until 'ssh-add' (which itself prompts)
    NOTE:

C:\Users\Administrator>ssh -T git@gitlab.com
Enter passphrase for key 'C:\Users\Administrator/.ssh/id_rsa':
Welcome to GitLab, @<username>!

C:\Users\Administrator>ssh-add .ssh\id_rsa
Enter passphrase for .ssh\id_rsa:
Identity added: .ssh\id_rsa (XXXXXXXXXXXX)

    NOTE:
    NOTE:   no more prompting until I reboot :D 
    NOTE:

C:\Users\Administrator>ssh -T git@gitlab.com
Welcome to GitLab, @<username>!

C:\Users\Administrator>echo Tada!
Tada!

C:\Users\Administrator>
CrashNeb
  • 121
  • 1