38,763
edits
No edit summary |
(Updating to match new version of source page) |
||
Line 92: | Line 92: | ||
Pour plus d'information, voyez [[Using_SSH_keys_in_Linux/fr|Utiliser des clés SSH sous Linux]]. | Pour plus d'information, voyez [[Using_SSH_keys_in_Linux/fr|Utiliser des clés SSH sous Linux]]. | ||
== | == Using a key agent == | ||
Although it's important to secure your private key by encrypting it with the passphrase, it is inconvenient to have to enter your | Although it's important to secure your private key by encrypting it with the passphrase, it is inconvenient to have to enter your | ||
passphrase every time you use the key. Rather than leaving the private key unencrypted, we strongly suggest using an SSH key agent. | passphrase every time you use the key. Rather than leaving the private key unencrypted, we strongly suggest using an SSH key agent. | ||
Line 100: | Line 99: | ||
This avoids storing the unencrypted private key on permanent storage, where it is more vulnerable to being stolen or copied. | This avoids storing the unencrypted private key on permanent storage, where it is more vulnerable to being stolen or copied. | ||
== | == Options for key generation == | ||
ssh-keygen shown above is using defaults, which are OK, but may not be ideal. | ssh-keygen shown above is using defaults, which are OK, but may not be ideal. | ||
for instance: | for instance: | ||
Line 113: | Line 112: | ||
ssh-keygen -t rsa -b 4096 | ssh-keygen -t rsa -b 4096 | ||
== SSH | == SSH key constraints == | ||
The public key syntax permits you to provide a number of very useful constraints that limit what the key is allowed to do. | The public key syntax permits you to provide a number of very useful constraints that limit what the key is allowed to do. | ||
By default, a public key installed without constraints can do anything. | By default, a public key installed without constraints can do anything. |