Max Nikulin <maniku...@gmail.com> wrote: > On 19/12/2024 15:56, Chris Green wrote: > > Horses for courses, I enter login passwords/passphrases quite frequently > > (lots of > > different systems that I ssh to) long, unmemorable, passwords would be > > useless. > > Generate a private key and add its public counterpart to > ~/.ssh/authorized_keys on remote machines. Locally running ssh-agent > allows to authenticate on remote machines without typing the pass phrase > for the private key for each connection. It is more secure than > passwords against brute force attacks. > Yes, but the passphrase for the private key then becomes your "password that you have to remember". The security of the actual connection is better as an intruder has to guess the key but IMHO I don't think that's the issue.
I do in fact use ssh key based accessed for all my 'external' ssh connections, as you say this is more secure against direct attacks on the remote ssh server. However I did say in my post above "passwords/passphrases", I have to enter passphrases quite frequently for these ssh connections (I have agent set so the passphrase expires after a while), that's what I was talking about. -- Chris Green ·
