Passwordless ssh keys

This is a common junior-engineer mistake.

You need to execute a program or access files on another computer with a ssh command in a background script, but a ssh key is required. Good security requires the key to have a password. Redirection tricks can be used to input the password to the ssh program. But now you have exposed the password in clear text. That is just as bad as having no password. Screw it; just remove the password. Done.

Mistake! Now, anyone who gets a copy of your private key will have access to ALL the places where you use that key!

Most of the time, passwordless keys are created because engineers are lazy. To be more generous, passwords slow down their development “flow.” However, there is a solution that has minimal impact (once set up), and it is more secure than passwordless keys.


Use ssh-agent

Continue reading Passwordless ssh keys