It's always good to have a passphrase entered whenever you are generating any ssh-key for the server access as it helps to prevent unauthorised access in case you key is compromised from the security point of view and are mostly the requirement of the audits as it act as an two factor authentication which requires the passphrase and secure key entered to access the server.
You can also enable the google authentication in which case it will generate a passcode on applications such as google authenticator and apart from the passphrase and key a person accessing the server would need to enter the google authenticator code as well in order to access the server thus increasing the security even further. Covered this in my previous post below
In case you forget to enable the passphrase and want to enable it now use the following command to enable the passphrase without effecting your existing key file
ssh-keygen -p -f ~/.ssh/id_rsa
Simply and enter your passphrase 2 times and now every time you ssh to server with your key you will need to enter this passphrase.
In case you want to remove the passphrase use the following command
ssh-keygen -p
enter your old passphrase and leave it blank afterwards. This basically overrides your previous passphrase with blank passphrase.
You can also enable the google authentication in which case it will generate a passcode on applications such as google authenticator and apart from the passphrase and key a person accessing the server would need to enter the google authenticator code as well in order to access the server thus increasing the security even further. Covered this in my previous post below
In case you forget to enable the passphrase and want to enable it now use the following command to enable the passphrase without effecting your existing key file
ssh-keygen -p -f ~/.ssh/id_rsa
Simply and enter your passphrase 2 times and now every time you ssh to server with your key you will need to enter this passphrase.
In case you want to remove the passphrase use the following command
ssh-keygen -p
enter your old passphrase and leave it blank afterwards. This basically overrides your previous passphrase with blank passphrase.
0 comments:
Post a Comment