04 June 2009

Hint: Set a good comment on your ssh key

Using an SSH key to log in to an SSH account is really good. You don't have to know the passwords of the accounts you are logging in to, only the password on the SSH key (if any). If you use a password on the key, the password can be cached (for example using Pageant).

When creating an SSH key I really recommend that you set a good comment. For example, in puttygen, fill in the "Key comment" field.


The comment should include:
  • Your identity (for example your e-mail)
  • The computer you created the key on (for example your Windows computer name)
  • The date you created the key

This way it will be so much easier when someone has to clean up the keys in .ssh/authorized_keys. The identity is good if there are many users for the same SSH account (common in some corporations). The computer name and date are useful when you know that you have lost the key (for example because of a hard drive crash), or when a security exploit has been published and the key is considered unsafe.
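
For the cleanup side, here is an added example (not part of the original post) that parses authorized_keys lines and reports keys whose comment is missing the identity, computer name or date. The function names, the ISO date format, the "identity is an e-mail address" rule and the sample lines are assumptions made for this example.

```python
import re

# Key type names that can appear in authorized_keys (assumed list for this example).
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+@openssh\.com)$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")
DATE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")  # assumed convention: YYYY-MM-DD
# Split on whitespace but keep double-quoted option values (command="a b") in one token.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_line(line):
    """Return (key_type, key_blob, comment), or None for blank/comment/unparsable lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = list(TOKEN.finditer(line))
    for i, tok in enumerate(tokens):  # leading tokens, if any, are options
        if KEY_TYPE.match(tok.group()) and i + 1 < len(tokens):
            blob = tokens[i + 1]
            return tok.group(), blob.group(), line[blob.end():].strip()
    return None

def audit(text):
    """Yield (line_no, comment, missing_parts) for each key with an incomplete comment."""
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        comment = parsed[2]
        missing = [name for name, found in (
            ("identity", EMAIL.search(comment)),
            ("date", DATE.search(comment)),
            # Whatever remains once e-mail and date are removed counts as the computer name.
            ("computer", DATE.sub("", EMAIL.sub("", comment)).strip(" ,;:-_/()")),
        ) if not found]
        if missing:
            yield no, comment, missing

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
# keys for the shared deploy account
ssh-rsa AAAAB3NzaC1yc2EAAAAB alice@example.com WORKPC-07 2009-06-04
ssh-rsa AAAAB3NzaC1yc2EAAAAC rsa-key-20090604
command="/usr/bin/backup now",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 bob@example.com 2009-05-12
ssh-dss AAAAB3NzaC1kc3MAAACB
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```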
