Does SSH key with type ecdsa-sk or ed25519-sk need passphrase?

DGideas

10/12/23, 2:32 PM

OpenSSH 8.2 introduced new public key types "ecdsa-sk" and "ed25519-sk", and the key file contains a reference to the private key credential stored on the FIDO/U2F hardware. Should I still need enter a passphrase when create these types of SSH key? It's seems useless if one attacker get the private key file without FIDO/U2F hardware access.

1222

1 + 0

ssh

Score:1

Server

Michael Angel P.

10/12/23, 8:29 PM

It depends, your ssh key would be useless without the hardware key, but what if he stole them together? eg he takes your laptop or your bag with the hardware key inside.

You can optionally add a passphrase so the attacker would need the private key, the hardware key, and something that only you know. If you like the extra layer of security or this ssh key gives access to the whole company, then a passphrase would be a great extra layer of security.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Does SSH key with type ecdsa-sk or ed25519-sk need passphrase?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.