On Thu, Jan 8, 2009 at 10:57 AM, Paul Hartman <[email protected]> wrote: > On Wed, Jan 7, 2009 at 6:11 PM, Dave Jones <[email protected]> wrote: >> Paul Hartman wrote on 08/01/09 00:28: >>> Hi, >>> >>> Normally I'm using SSH with regular password login, and I've read >>> about generating a keypair and having a password-less connection that >>> way. Is there a way to require both the key AND a password? Basically >>> if I put the key in my SSH client at work, I don't want a co-worker to >>> be able to login to my home PC, or someone to grab my phone, etc. >>> >>> Is there a way to put a passphrase on the key (seperate from my user >>> account password)? Maybe that would work... Otherwise I've thought >>> about having a dummy SSH account and then "su - realuser" to get >>> access, but that seems kind of messy. >>> >>> I've always used password login and IP-restricted it, but now I'm >>> traveling more and never know what IP I might be connecting from, so >>> using a key seems to be the best plan, or maybesome kind of >>> portknocking (but that's difficult from restricted ssh environments >>> such as a phone). >>> >> By default ssh-keygen creates a key pair with a passphrase. It's your choice >> to enter or omit a passphrase. >> >> If you've generated a key without a passphrase, you can add a passphrase >> using ssh-keygen -p >> >> Entering a passphrase encrypts the private part of the key, which you keep >> only on the server. You only need the public part of the key on the client. >> >> Cheers, Dave > > It works great. Thanks everyone for your responses! > > Paul >
Well, almost great :) I can't figure out how to get NXclient to connect. It says the key is corrupt or has a passphrase (which it does). Has anyone used NX with a key-based SSH with passphrase? Thanks, Paul
