You can specify -v up to three times to increase the verbosity of
the debugging information. Likewise, to debug the server side, stop
the sshd daemon and run it from a shell using one to three -d (debug)
options.
13.14 Using Passphrase Protection of SSH Keys
Using SSH without public key authentication results in a password request for
each new SSH connection, but using SSH with public key authentication is only as
secure as the ~/.ssh/id_rsa file. If that file is compromised (by a trojan program,
account compromise, or even a stolen copy of a system backup), the accounts on
other hosts will also be compromised. The challenge is balancing convenience
against vulnerability.
SSH provides a solution to this problem too (of course!). Your private key file can be
protected by a passphrase, and the ssh-agent program can be set up to request the
passphrase only once per session, regardless of how many SSH connections are later
established. If the private key file is stolen, it will be useless without the passphrase.
To set up a passphrase on your private key when using OpenSSH, execute ssh-keygen
with the -p option. I used TOPsecret as the passphrase in this example:
blue$ ssh-keygen -p
Enter file in which the key is (/home/chris/.