Paul Hartman wrote on 08/01/09 00:28: > Hi, > > Normally I'm using SSH with regular password login, and I've read > about generating a keypair and having a password-less connection that > way. Is there a way to require both the key AND a password? Basically > if I put the key in my SSH client at work, I don't want a co-worker to > be able to login to my home PC, or someone to grab my phone, etc. > > Is there a way to put a passphrase on the key (seperate from my user > account password)? Maybe that would work... Otherwise I've thought > about having a dummy SSH account and then "su - realuser" to get > access, but that seems kind of messy. > > I've always used password login and IP-restricted it, but now I'm > traveling more and never know what IP I might be connecting from, so > using a key seems to be the best plan, or maybesome kind of > portknocking (but that's difficult from restricted ssh environments > such as a phone). > By default ssh-keygen creates a key pair with a passphrase. It's your choice to enter or omit a passphrase.
If you've generated a key without a passphrase, you can add a passphrase using ssh-keygen -p Entering a passphrase encrypts the private part of the key, which you keep only on the server. You only need the public part of the key on the client. Cheers, Dave
