Passphrase when creating authentication keys for SSH server

It's clear to me why I would use a passphrase on my client's authentication keys, but what's the purpose of a passphrase for my server authentication keys?

I've read through a tutorial, where the server authentication keys were generated using

ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null

Now this generates the keys and uses nothing as a passphrase.

If I were to choose a passphrase here, what would it affect and when would it be asked for?

edit: would that even work, as I theoretically would have to enter the passphrase on the server upon connection initiation?

apoc

Posted 2015-04-20T13:33:27.990

Reputation: 543

No idea, but a wild guess: to prove that the server is who it is? And re how, also no idea, but perhaps if somebody stole the server's key... then there'd be a question re how anybody could pretend to be the server; it'd/if it'd have to be the same IP, so maybe if it was the same LAN as the server so could forge its IP. Or maybe if ssh blah.com and a hacker got blah.com somehow forwarded to some other server, then for it to work that server would need the key and passphrase, not just the key. – barlop – 2015-04-20T14:08:30.830

No answers