SSH keys without passphrases are just fancy credential files sitting in your .ssh/ directory, basically like writing your passwords on paper and leaving it in your desk drawer.
Well, the main reason I do it every time is because I’m just too lazy to setup pinentry.
But yeah, for the Bluetooth keyboard, I realise I better get off it.
I had mine on paper for years before i learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.
I am a lot more careful these days but that is not beyond the pale for a lot of folks haha
I think this post is about git CLI, not www.github.com.
SSH keys are very secure and you can still encrypt them with a password if you wish.
SSH keys without passphrases are just fancy credential files sitting in your
.ssh/directory, basically like writing your passwords on paper and leaving it in your desk drawer.Yeah, but who wants to type in a password everytime they push/pull?
I do it.
Every time.
And I keep a wired keyboard for it.
Get a load of Ross Ulbricht ovah here!
Well, the main reason I do it every time is because I’m just too lazy to setup
pinentry.But yeah, for the Bluetooth keyboard, I realise I better get off it.
TIL some people store SSH keys unencrypted
I had mine on paper for years before i learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.
I am a lot more careful these days but that is not beyond the pale for a lot of folks haha
It’s not about encryption/security it’s about creating something that can’t be phished.
We know that 2fa is secure. But if an attacker can trick you into giving them the code, or typing it in a fake box. Then they own you.
Passkeys are made so that there’s nothing to give, nothing to type. You must control the device.
SSH keys are more like passkeys than passwords.
I’d love to see the state of online banking if everyone were to manage their own ssh keys
In all seriousness, they are similar, but not quite in this context.
There’s a good project on how to make ssh key infra more scalable and innately secure. Then you can use passkeys on top if you’d like.
https://github.com/openpubkey/openpubkey
https://github.com/openpubkey/opkssh
I personally use this on all my servers.
Most people couldn’t figure out how to download a binary release from a GitHub repo, much less clone it, regardless of HTTP or SSH.
True, not the point though