Update ssh-keygen with secure password encryption #1099
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I know the documentation here suggests you don't need a password, but I am suggesting this change for two reasons: 1) If the user does want a password, they will want to use the -o option. Not using the -o option makes the password practically worthless. See here for details: https://latacora.singles/2018/08/03/the-default-openssh.html 2) This documentation comes up on the top 10 Google search results for "how do I make an ssh key". It's likely that ssh users (even experienced ones) may use this guide to create new keys. It is important we get users into the habit of using the -o option, since it should be the default for the command anyway, but for whatever reason was never updated as such.
ben
reviewed
Aug 4, 2018
| ---- | ||
|
|
||
| First it confirms where you want to save the key (`.ssh/id_rsa`), and then it asks twice for a passphrase, which you can leave empty if you don't want to type a password when you use the key. | ||
| First it confirms where you want to save the key (`.ssh/id_rsa`), and then it asks twice for a passphrase, which you can leave empty if you don't want to type a password when you use the key. However, if you do use a password, make sure to add the `-o` option. You can also use the `ssh-agent` tool to prevent having to enter the password each time. |
There was a problem hiding this comment.
I love this update, but I have one request. Can you reformat this so that each sentence is on its own line? It makes diffing much easier in the future (i.e. this will show up as two new lines, rather than a line deleted and two lines added).
|
Hi Ben, does this work? |
ben
reviewed
Aug 6, 2018
| First it confirms where you want to save the key (`.ssh/id_rsa`), and then it asks twice for a passphrase, which you can leave empty if you don't want to type a password when you use the key. | ||
|
|
||
| However, if you do use a password, make sure to add the `-o` option. You can also use the `ssh-agent` tool to prevent having to enter the password each time. | ||
|
|
There was a problem hiding this comment.
Can you split up these sentences onto their own lines? Also, I don't think we need a paragraph break here, so go ahead and delete line 39.
|
✨ Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I know the documentation here suggests you don't need a password, but I am suggesting this change for two reasons:
If the user does want a password, they will want to use the -o option. Not using the -o option makes the password practically worthless. See here for details: https://latacora.singles/2018/08/03/the-default-openssh.html
This documentation comes up on the top 10 Google search results for "how do I make an ssh key". It's likely that ssh users (even experienced ones) may use this guide to create new keys. It is important to get users into the habit of using the -o option, since it should be the default for the command anyway, but for whatever reason was never updated as such.