Any serious DevOps will only ssh by key file. Not with password, right? And mostly our powerful key file can unlock many critical envs. Have you ever uploaded your private key to other envs, like jumpbox? What if your key is magically stolen by hackers somehow?
Time to protect your sensitive ssh key by passphrase. And live with it, headache-free.
Update Per Audience Feedback:
- Thanks to Joshua Cornutt: When storing a private key on a server, I’d opt for a hardware option (HSM) since it’s likely the key will need to be actively used and thus a passphrase can’t be securely used (think automated use of a server-side private key) .
Cheat Sheet for impatient users. Recommend to read this post through, even for experienced users.
|Load key file||
|Remove all loaded keys||
|Whether it’s encrypted||
|Load key without prompt||Check link: here|
[…] can add passphrase protection for ssh key files. What’s better, use different passphrases for different key files. Thus even if hackers take […]