On Wed, Feb 07, 2001 at 12:16:14PM -0500, Christopher R. Jones wrote:
>
> I've found documentation on how to create keys with ssh that don't say
> anything at all about using the passphrase option when running
> 'ssh-keygen'. Then I also find documentation that only shows you how
> to create keys using a passphrase when running 'ssh-keygen'.
>
> My question is... what are the pros/cons of using/not using a
> passphrase?
My opinion: if your client machine is not secured, no matter what you do if
somebody breaks into the client they can get in to the servers that you are
authorized on. If your client is secured, nobody will be able to get at
your secret key file so there's no reason to put a passphrase on it. The
only reason to put the passphrase on is if the key sometimes leaves your
machine to a backup server or if you're worried about physical seizure of
your machine. In those cases, use ssh-agent on your client.
- Dave Dykstra
