<yambe:breadcrumb>OpenSSH server configuration|OpenSSH</yambe:breadcrumb>

Passphrase for ssh-keys

When our public key, private key etc. can be used to access some sensitive information that it makes sense to protect our keys with some passphrase. If you already have keys without passphrase then you can set passphrase for them using

   ssh-keygen -p

The same command can be used to change passphrase for existing keys.

Now when one uses key based authentication he/she is asked for passphrase for key based authentication to work. If we are going to use key based authentication a lot then this asking of passphrase so many times can be irritating. To solve that problem replace current shell with ssh-agent using:

   exec $(which ssh-agent) $SHELL

then use

   ssh-add

command and enter passphrase only once. Now shell would remember the passphrase and you can ssh to various servers with keys protected by passphrase without requiring to enter passphrase for each login. ssh-agent started in this manner automatically closes whenever shell exits, so we do not have to worry about security problems because of added keys once we have exited shell.