On Wed, Jan 7, 2009 at 6:11 PM, Dave Jones <[email protected]> wrote: > Paul Hartman wrote on 08/01/09 00:28: >> Hi, >> >> Normally I'm using SSH with regular password login, and I've read >> about generating a keypair and having a password-less connection that >> way. Is there a way to require both the key AND a password? Basically >> if I put the key in my SSH client at work, I don't want a co-worker to >> be able to login to my home PC, or someone to grab my phone, etc. >> >> Is there a way to put a passphrase on the key (seperate from my user >> account password)? Maybe that would work... Otherwise I've thought >> about having a dummy SSH account and then "su - realuser" to get >> access, but that seems kind of messy. >> >> I've always used password login and IP-restricted it, but now I'm >> traveling more and never know what IP I might be connecting from, so >> using a key seems to be the best plan, or maybesome kind of >> portknocking (but that's difficult from restricted ssh environments >> such as a phone). >> > By default ssh-keygen creates a key pair with a passphrase. It's your choice > to enter or omit a passphrase. > > If you've generated a key without a passphrase, you can add a passphrase > using ssh-keygen -p > > Entering a passphrase encrypts the private part of the key, which you keep > only on the server. You only need the public part of the key on the client. > > Cheers, Dave
It works great. Thanks everyone for your responses! Paul
