[CentOS] SSH Question relating to Public and Private Keys

Tue Apr 15 08:23:15 UTC 2008
Daniel de Kok <me at danieldk.org>

On Tue, Apr 15, 2008 at 7:56 AM, Clint Dilks <clintd at scms.waikato.ac.nz> wrote:
>  1. Currently all of the key pairs we are using have empty passphrases is it
> worth the effort of changing this and setting up ssh-agent compared to what
> you gain in security by doing this ?

Sure. In the first case someone would only need the key to get into a
machine, in the second case you need a key and a passphrase.

Of course, that's stating the obvious, but it clearly adds a layer of
security. So, do you want to trade security for comfort? I wouldn't,
but that's your choice to make.

>  2. At this stage I am going to use RSA Keys of the default size, is this
> generally the best approach?

While asymmetric cryptography is slow, the RSA keys are used to
exchange keys for (fast) symmetric cryptography. So, it's usually a
good idea to create large keys. Fortunately, the default in OpenSSH is
2048, which seems to be a fair key size.

-- Daniel