• jonjuan@programming.dev · +45 / -3 · 5 days ago

      encrypt them with a password if you wish.

      SSH keys without passphrases are just fancy credential files sitting in your .ssh/ directory, basically like writing your passwords on paper and leaving it in your desk drawer.

      • rumba@lemmy.zip · +11 · 4 days ago

        but they require chmod 400 and they're ideally on an encrypted disk.

        So the desk drawer is locked and the codes are LUKS encrypted.

        And for critical stuff, you should also have a password on the key.

        If your ssh keys are like passwords on paper in a drawer, you're doing it wrong.
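The two checks the replies above argue over, a passphrase on the key and no group/other permissions on the file, can both be audited mechanically. The script below is an added example (not code from anyone in this thread): it reads the `openssh-key-v1` container that `ssh-keygen` writes by default, where a key without a passphrase literally records cipher `none` / kdf `none` in its header, and falls back to the `Proc-Type: 4,ENCRYPTED` header for the legacy PEM format. The sample keys it audits are constructed header-only stubs written to a temp directory; they are not usable keys, and the file names are assumed.

```python
"""Audit an .ssh directory for private keys with no passphrase or loose permissions.

Added example, not from the thread. The three sample keys are constructed stubs
(only the container header is populated), not real key material.
"""
import base64
import os
import stat
import struct
import tempfile
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_FOOTER = "-----END OPENSSH PRIVATE KEY-----"


def _ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed SSH 'string' (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def key_protection(path: Path) -> str:
    """Return 'encrypted', 'plaintext' or 'unknown' (not a private key) for a file."""
    lines = [ln.strip() for ln in path.read_text().splitlines() if ln.strip()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return "unknown"
    if lines[0] == OPENSSH_HEADER:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        # Container layout: magic, string ciphername, string kdfname, string kdfoptions, ...
        cipher, off = _read_ssh_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_ssh_string(blob, off)
        return "plaintext" if cipher == b"none" and kdf == b"none" else "encrypted"
    # Legacy PEM (ssh-keygen -m PEM): a passphrase shows up as a Proc-Type header.
    encrypted = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:4])
    return "encrypted" if encrypted else "plaintext"


def audit_ssh_dir(ssh_dir) -> list:
    """Return (filename, finding) pairs for keys that are bare or too permissive."""
    findings = []
    for p in sorted(Path(ssh_dir).iterdir()):
        if not p.is_file() or p.suffix == ".pub":
            continue
        prot = key_protection(p)
        if prot == "unknown":
            continue  # config, known_hosts, etc.
        mode = stat.S_IMODE(p.stat().st_mode)
        if mode & 0o077:  # any group/other bit set: ssh itself refuses such a key
            findings.append((p.name, f"permissions {oct(mode)} (expect 0o600 or 0o400)"))
        if prot == "plaintext":
            findings.append((p.name, "no passphrase (cipher 'none')"))
    return findings


def make_openssh_stub(cipher: bytes, kdf: bytes) -> str:
    """Constructed openssh-key-v1 header with the given cipher/kdf names (not a usable key)."""
    kdfopts = b"" if kdf == b"none" else _ssh_string(b"\x00" * 16) + struct.pack(">I", 16)
    body = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(kdfopts) + struct.pack(">I", 1) + _ssh_string(b"ssh-ed25519"))
    b64 = base64.b64encode(body).decode()
    wrapped = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([OPENSSH_HEADER] + wrapped + [OPENSSH_FOOTER, ""])


LEGACY_ENCRYPTED_STUB = (  # constructed legacy PEM header, not a usable key
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
    "\nAAAA\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def build_sample_dir() -> str:
    """Write the constructed samples into a temp dir (assumed file names); return its path."""
    d = tempfile.mkdtemp(prefix="ssh-audit-")
    samples = {
        "id_ed25519_bare": (make_openssh_stub(b"none", b"none"), 0o644),
        "id_ed25519_locked": (make_openssh_stub(b"aes256-ctr", b"bcrypt"), 0o600),
        "id_rsa_legacy": (LEGACY_ENCRYPTED_STUB, 0o600),
    }
    for name, (text, mode) in samples.items():
        p = Path(d, name)
        p.write_text(text)
        os.chmod(p, mode)
    Path(d, "id_ed25519_bare.pub").write_text("ssh-ed25519 AAAA constructed\n")
    return d


if __name__ == "__main__":
    for name, finding in audit_ssh_dir(build_sample_dir()):
        print(f"{name}: {finding}")
```

Run against a real `~/.ssh` by calling `audit_ssh_dir(Path.home() / ".ssh")`; a bare key is flagged by its header alone, so the check never needs the passphrase and never touches the key material. It only inspects file modes, so it says nothing about whether the underlying disk is encrypted.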

      • ThunderQueen@lemmy.world · +8 / -1 · 5 days ago

        I had mine on paper for years before I learned about Keepass. I trusted it more than a cloud based manager because someone would have to physically be in my room.

        I am a lot more careful these days but that is not beyond the pale for a lot of folks haha

    • Evotech@lemmy.world · +2 · 4 days ago

      It’s not about encryption/security it’s about creating something that can’t be phished.

      We know that 2FA is secure. But if an attacker can trick you into giving them the code, or typing it in a fake box, then they own you.

      Passkeys are made so that there’s nothing to give, nothing to type. You must control the device.
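The "nothing to give, nothing to type" property comes from the assertion itself: in WebAuthn the authenticator signs over the challenge together with client data that the browser, not the web page, fills in, including the origin the user is actually on. A phishing page can relay a fresh challenge from the real site in real time, but the signature it gets back names the phishing origin, so the real site rejects it; editing the origin after the fact breaks the signature instead. The simulation below is an added example, not code from the thread or from any WebAuthn library: HMAC-SHA256 stands in for the authenticator's private-key signature so it runs on the standard library, and the origins `https://bank.example` / `https://bank-example.com` are assumed.

```python
"""Why a relayed passkey assertion fails at the real site.

Added example, not from the thread. HMAC stands in for the authenticator's
asymmetric signature; the origin-binding check is what real relying parties do.
"""
import hashlib
import hmac
import json
import os

RP_ORIGIN = "https://bank.example"        # assumed relying party
PHISH_ORIGIN = "https://bank-example.com"  # assumed look-alike phishing site


class Authenticator:
    """Holds per-credential secrets; never exports them, only signs with them."""

    def __init__(self):
        self.credentials = {}  # credential_id -> secret (stand-in for a private key)

    def register(self):
        cred_id = os.urandom(16).hex()
        self.credentials[cred_id] = os.urandom(32)
        return cred_id, self.credentials[cred_id]  # HMAC stand-in: verifier key == secret

    def get_assertion(self, cred_id, challenge, browser_origin):
        # The browser supplies the origin; the page that called navigator.credentials.get()
        # cannot pick a different one.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
            sort_keys=True,
        ).encode()
        signed = hashlib.sha256(client_data).digest()
        sig = hmac.new(self.credentials[cred_id], signed, "sha256").digest()
        return {"credential_id": cred_id, "client_data": client_data, "signature": sig}


class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self.pubkeys = {}   # (user, credential_id) -> verification key
        self.pending = {}   # user -> outstanding challenge

    def register(self, user, cred_id, key):
        self.pubkeys[(user, cred_id)] = key

    def new_challenge(self, user):
        self.pending[user] = os.urandom(32).hex()
        return self.pending[user]

    def verify(self, user, assertion):
        cd = json.loads(assertion["client_data"])
        if cd.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if cd.get("challenge") != self.pending.get(user):
            return False, "challenge mismatch"
        if cd.get("origin") != self.origin:  # the phishing-resistance check
            return False, f"origin {cd.get('origin')} != {self.origin}"
        key = self.pubkeys.get((user, assertion["credential_id"]))
        if key is None:
            return False, "unknown credential"
        expected = hmac.new(key, hashlib.sha256(assertion["client_data"]).digest(), "sha256").digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False, "bad signature"
        del self.pending[user]  # single use
        return True, "ok"


def run_scenarios():
    auth, rp = Authenticator(), RelyingParty(RP_ORIGIN)
    cred_id, key = auth.register()
    rp.register("alice", cred_id, key)

    # 1. Legitimate login from the real origin.
    c = rp.new_challenge("alice")
    legit, _ = rp.verify("alice", auth.get_assertion(cred_id, c, RP_ORIGIN))

    # 2. Real-time relay: attacker fetches a fresh challenge from the real site and
    #    forwards it to the victim, whose browser is on the phishing origin.
    c = rp.new_challenge("alice")
    relayed = auth.get_assertion(cred_id, c, PHISH_ORIGIN)
    phish = rp.verify("alice", relayed)

    # 3. Attacker rewrites the origin in client_data before forwarding the assertion.
    tampered = dict(relayed)
    tampered["client_data"] = relayed["client_data"].replace(PHISH_ORIGIN.encode(), RP_ORIGIN.encode())
    tamper = rp.verify("alice", tampered)
    return {"legit": legit, "phish": phish, "tamper": tamper}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Contrast with a TOTP code: the code is a bare secret with no origin in it, so whatever the user types into the fake box replays cleanly at the real site. The relayed passkey assertion is intercepted just as easily, but it is useless to the attacker.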