[sf-lug] wifi for Ubuntu boxes

Rick Moen rick at linuxmafia.com
Sat Dec 22 01:05:49 PST 2007


Quoting Alex Kleider (a_kleider at yahoo.com):

> I think this is only relevant if you control both ends (i.e. client AND
> server.. i.e. the machine you are on and using SSH which of course you
> would be; AND the machine running the SSH daemon and onto which you
> want to log on.

Actually, that page just describes a generally usable alternative to
password authentication for SSH use, and you can use it anywhere if you
wish.

The bit about "leaving the password blank" when using ssh-keygen to
create your keypair is a mixed blessing:  The "password" the article
talks about, better known as a passphrase, is a privacy protection,
preventing other people on the machine where your private key is stored
from easily stealing it.

That is, ssh-keygen first generates the pair (private key and public
key).  Then, _if_ you provide a passphrase, it uses that to store the
private key on-disk in encrypted form using a symmetric (regular) cipher
such as 3DES.  Therefore, anyone stealing the on-disk form of your
private key will be unable to make use of it, because it's stored
encrypted.

When you attempt a connection using the keypair, your local SSH client 
prompts you for the keyphrase (if any) in order to decrypt the private
key into memory, before opening the requested connection.

As the article implies, it's useful to omit the passphrase during
key-generation _if_ you'll be using a keypair in automated scripts,
e.g., for backup.
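
The message above describes ssh-keygen storing the private key encrypted on disk only if a passphrase was given. As an added example (not part of the original post), here is one way to check which on-disk form a key file has. It reads the legacy PEM headers that name ciphers such as 3DES and, going beyond the post, the newer OpenSSH container. The function names and sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic prefix of the newer OpenSSH key container

def read_ssh_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def key_cipher(pem_text):
    """Return the cipher protecting a private key file, or None if stored in the clear."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "PKCS#8"  # cipher is named inside the ASN.1 body, not parsed here
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad OpenSSH key magic")
        name = read_ssh_string(blob, len(MAGIC)).decode("ascii")
        return None if name == "none" else name  # "none" means blank passphrase
    # Legacy PEM: a passphrase-protected key announces its cipher in a DEK-Info header.
    for ln in lines[1:]:
        if ln.startswith("DEK-Info:"):
            return ln.split(":", 1)[1].split(",")[0].strip()
    return None

def sample_openssh(cipher):
    """Constructed sample: container header only, no real key material."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode("ascii")
    b64 = base64.b64encode(body).decode("ascii")
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples with dummy bodies (not usable keys).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

ZHVtbXkgYm9keQ==
-----END RSA PRIVATE KEY-----
"""
LEGACY_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
ZHVtbXkgYm9keQ==
-----END RSA PRIVATE KEY-----
"""
```

A `None` result marks a key that anyone able to read the file can use directly, so for keys kept passphrase-free for automated jobs, file permissions are the only protection.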




