
It's important to encrypt your private key with a passphrase. Use ssh-agent to store the un-encrypted key in memory on login. On OSX 10.5 or greater, this is really easy: http://bit.ly/alDMhp. Make sure to add 'ForwardAgent Yes' to your ssh config, and then never have to type your ssh password again.


It is almost as bad to have your passphrase-protected key permanently stored in ssh-agent, because anyone with access to your machine can use the key without the passphrase. A better solution is to use ssh-agent with the -t option to establish a lifetime (after which you will need to re-enter the passphrase).

My setup is to keep ssh-agent running with a 2-hour lifespan, and connect to that automatically when I log in. Basically this:

    $ ssh-agent -t 7200 > ~/.ssh-agent
    $ echo "source ~/.ssh-agent" >> ~/.bash_profile
    $ [... log in ...]
    $ ssh-add

I am not annoyed by re-entering my passphrase every two hours.


This. The parent's idea is similar to storing the user's password forever in memory for sudo. As any ol' neckbeard could tell you, that's a Bad Thing.
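
The time-limited agent setup described in the thread above, as an added example that is not part of any comment: it reuses a recorded agent only if its socket and process are still alive, and otherwise starts a new one with `-t`. The names `AGENT_ENV`, `AGENT_LIFETIME` and the three functions are chosen here; the 7200-second lifetime and `~/.ssh-agent` path come from the thread.

```shell
# Added example (not from the thread): reuse-or-start logic for a
# time-limited ssh-agent. AGENT_ENV / AGENT_LIFETIME are names chosen here.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh-agent}"
AGENT_LIFETIME="${AGENT_LIFETIME:-7200}"

# Print one variable (SSH_AUTH_SOCK or SSH_AGENT_PID) from the file that
# ssh-agent wrote, by parsing it rather than sourcing (executing) it.
agent_env_get() {
    sed -n "s/^$1=\([^;]*\);.*/\1/p" "$2" 2>/dev/null | head -n 1
}

# Succeed only if the recorded agent is still usable: the socket exists and
# the process is alive and ours. On success, export both variables.
agent_env_load() {
    sock=$(agent_env_get SSH_AUTH_SOCK "$1")
    pid=$(agent_env_get SSH_AGENT_PID "$1")
    [ -n "$sock" ] && [ -S "$sock" ] || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Reuse a live agent; otherwise start one whose added keys expire after
# AGENT_LIFETIME seconds. umask 077 keeps the env file private to the user,
# and -s forces Bourne-style output so the parser above can read it.
agent_ensure() {
    agent_env_load "$AGENT_ENV" && return 0
    ( umask 077; ssh-agent -s -t "$AGENT_LIFETIME" > "$AGENT_ENV" ) || return 1
    agent_env_load "$AGENT_ENV"
}

# In ~/.bash_profile, after defining the functions above:
#   agent_ensure && { ssh-add -l >/dev/null 2>&1 || ssh-add; }
# ssh-add -l fails once the keys have expired, so the passphrase prompt
# returns at the next login after the lifetime has passed.
```

A stale `~/.ssh-agent` left over from before a reboot is ignored rather than loaded, which the plain `source ~/.ssh-agent` line would not detect.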



