Re: private key with no passphrase detection



On 15 Sep, 22:01, lath...@xxxxxxxxxx (Richard D. Latham) wrote:
> all mail refused <elvis-85...@xxxxxxxxxxxxxx> writes:
>
>> On 2007-09-15, Nico <nka...@xxxxxxxxx> wrote:
>>
>>> private key has a passphrase. I personally wish that the key
>>> generation tools would refuse to provide a passphrase-free key without
>>> a special command line option added, to discourage unwary users from
>>
>> You need to get out and meet more users. If such a command-line option
>> existed it would be the _one_ that they were all familiar with.
>
> I think he means the same sort of gymnastics required to use cypher
> 'none', i.e. you have to build your own version, and know how to figure
> out the config option to build the capability into ssh-keygen.

No, I don't mean *that* much pain. There are legitimate uses for
passphrase free keys. But that extra step of adding a command line
argument would mean extra thought is required. Most especially, it
could prevent web tools and account management tools from permitting
passphrase free keys without adding a lot of extra pain to the design,
and discourage such behavior even further.

Default settings for tools require real thought.
