What is the purpose of passphrase when I generate public and private keys using ssh-keygen?

1

What is the purpose of passphrase when I generate public and private keys using ssh-keygen?

I'm fairly new to all the SSH business. I have some basic idea about that using SSH public and private keys allows me to be identified and authorized by remote SSH server without having to have a password transferred over the Internet. But when I generate the keys, it also offers to type in optionally a passphrase. What is this passphrase for? What is the pros and cons to use it?

qazwsx

Posted 2012-01-15T04:51:00.893

Reputation: 6 739

Answers

2

To encrypt your keys. So if an attacker get's your private/public key, it can't do anything with them.

LanceBaynes

Posted 2012-01-15T04:51:00.893

Reputation: 3 510

2To amplify: Imagine you have the private-key pair on a laptop. You lose the laptop. A thief gets access to your private key and can impersonate you and access all the computers you have access to. A passphrase helps to prevent this. – RedGrittyBrick – 2012-01-15T09:42:00.560

If I store the private key file on a USB drive which is shared with some friends sometimes, do I need to further protect the file or is the passphrase sufficient? – qazwsx – 2012-01-17T01:11:45.570

Asked: 2012-01-15T04:51:00.893

Viewed: 794 times

Active: 2012-01-15T04:54:09.633