Hey there. I password protected an ssh private key on a system for security reasons. However, entering the password every single time is getting to be a bit annoying, and even problematic in some applications. I seem to recall hearing that Linux has some kind of short-term password caching mechanism, but I can't remember any of the details. Can I get some guidance from the gurus?
This will always be a trade-off. IMHO looking for a short-term password caching mechanism is choosing the easy way out. That has nothing to do with security. If a key is used by human users then there's no single other simple way than to require users to use ssh-agent. If a key is used by a non-human user then your options are limited in that you could ponder using a pass phrase-less key provided you do not use the root account and limit network, user, file system access, connection options and the commands that can be run. In case of the latter it would be good to strengthen your system to ensure a proper audit trail can always be retrieved afterwards.
As unSpawn mentioned, if you want a passphrase protected key, you will need an "ssh agent". In the Windows world, where many people use "putty" for their ssh client, the agent is named "pageant" and comes with the putty distribution. In the Linux world, the ssh agent is named "ssh-agent" (who would have thought?!)
Another option is to keep your private key, with no passphrase, on an external thumbdrive that you plug into your computer when ssh'ing. Then remove the thumbdrive when you're done for the day. And never lose the thumbdrive into some evil villain's hands, since your private key is unprotected. You could also encrypt the thumbdrive so that even though your private key has no passphrase, it is still protected. But if you're going to that trouble, might as well just use an ssh agent instead.
For software using the keys, I don't know of any way to do that except by using no-passphrase keys. Who knows, somebody may be able to suggest a way to do that, but I don't know a way personally.
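For the non-human-user case raised in the replies above (a passphrase-less key with limited network access, connection options and commands), here is an added example, not code from any poster in this thread, that audits an `authorized_keys` file for entries missing those limits. The sample file, its placeholder key blobs and the function names are constructed for illustration; `from=`, `command=`, `restrict` and the `no-*` options are standard OpenSSH `authorized_keys` options.

```python
import re

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
# backup job: source-limited, forced command, no forwarding or PTY
from="192.0.2.10,198.51.100.0/24",command="/usr/local/bin/backup --push",restrict ssh-ed25519 AAAAPLACEHOLDER1 backup@cron
# deploy job: forced command only
command="/usr/local/bin/deploy" ssh-ed25519 AAAAPLACEHOLDER2 deploy@ci
ssh-rsa AAAAPLACEHOLDER3 sync@legacy
"""

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes that begin the key-type field
# One option: a bare name, or name="value" where the value may hold commas/spaces.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')
# Individual options that together cover what "restrict" turns off.
NO_EXTRAS = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding",
             "no-pty", "no-user-rc"}

def split_options(line):
    """Return (options, remainder) for one authorized_keys entry."""
    if line.startswith(KEY_TYPES):
        return {}, line  # entry has no options field at all
    opts, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field: " + line[:40])
        # Option names are case-insensitive, so store them lower-cased.
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        pos = m.end()
        if line[pos:pos + 1] != ",":
            return opts, line[pos:].strip()
        pos += 1

def audit(text):
    """List (line number, key comment, missing restrictions) per weak entry."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split()
        comment = fields[2] if len(fields) > 2 else "(no comment)"
        missing = [name + "=" for name in ("from", "command") if name not in opts]
        if "restrict" not in opts and not NO_EXTRAS.issubset(opts):
            missing.append("restrict")
        if missing:
            findings.append((number, comment, missing))
    return findings

if __name__ == "__main__":
    for number, comment, missing in audit(SAMPLE):
        print(f"line {number} ({comment}): missing {', '.join(missing)}")
```

The file alone cannot show whether a key has a passphrase, so the audit flags every unrestricted entry; interactive keys held in ssh-agent can be excluded by their comment field.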