passphrases are your friendAbout three months ago, I wrote about How to copy files around without anyone seeing them. In response to that article, Jeff Seely has written in about passphrases. Thanks.
A passphrase is often associated with ssh and pgp identity keys. In order to use the keys, you must enter your secret passphrase. But passphrases are optional, as you can see in the above link.
Jeff Seely writes:If you don’t set a passphrase and someone manages to get their hands on the file that store your private key they can use them. However, if you set a passphrase they can try to use them but will still need to have your passphrase for them to work properly. Here are two excerpts from a tutorial I read that is mentioned later in this article.
To further protect your private key you should enter a passphrase to encrypt the key when it is stored in the filesystem. This will prevent people from using it even if the gain access to your files.
Always, always, type in a good pass-phrase when prompted for one. It can be multiple words (i.e. spaces are just fine within the phrase), so you could choose a sentence that you can remember. Changing some of the words by misspelling them or by changing some of the letters into digits is highly recommended to increase the strength of your pass phrase.
I know what you are thinking, the purpose of you trying scp in the first place was so you didn’t have to enter a password (or passphrase), or store them in clear text in your scripts. And you are right, you will be prompted for your passphrase if you set one. But I did a little research and found a way around that. The ssh protocol suite has two utilities for this, ssh-agent and ssh-add. What you would do is run "ssh-agent $SHELL" and use "ssh-add" to add your public key’s passphrase into memory. I hope I am making sense, because like I said my knowledge of crypto, and ssh is not great, but I set my system up like this and it works for me. I found a very good resource at http://csociety.ecn.purdue.edu/~sigos/projects/ssh/overview/ if you would like to check it out.