Dan, The private key is needed to generate public key signatures. These authenticate the client to the server and vice versa. Without authentication man-in-the-middle attacks would be possible. Furthermore, without authentication one cannot hope to establish session keys securely and thus there will be no confidentiality. Now, the passphrase is an extra protection measure. It has no direct effect on the security of the SSH protocol. Only the private key is needed by the protocol. Whether passphrase is used or not does not directly imply anything about the security of the session keys generated. Thus passphrase may be omitted in certain situations (in particular when it is guaranteed that the private key is stored in a secure place). Yet, one should know when not to omit the passphrase. The passphrase is used to protect the private key when it is not in active use (namely, its not in the working memory of the SSH protocol implementation). The protection is naturally only as strong as the passphrase (as the cliche goes), but it still may provide security against entities with very limited computing resources. It is clear that implementations may take different routes in their handling of the passphrase itself. Furthermore, they may allow the private key to be written on disk without being protected (e.g. when the operating system swaps the memory to disk). These may or may not cause real problems depending on the threat model you consider. Thus the passphrase is only used to weakly protect the private key from its immediate surroundings (e.g. other users of the system). Mika Kojo SSH Communications Security Corp Dan B writes: > Many thanks to Greg Wooledge and Michael Erdely for helping me figure my > newbie problem out. It indeed worked perfectly when I used protocol 2. (Duh). > > Now my next question: How important is the private key passphrase? > > Does having an empty passphrase increase the chances of a "man in the > middle" attack? Or does it lessen the encryption itself in another way(s)? > > Or does it only increase the security of the key itself? (By limiting the > usefulness of the private key even if it is stolen by a black hat). > > Again, my thanks and gratitude for the responsitivity (TM) of the many fine > members of this list. > > Dan Browning, Cyclone Computer Systems, [EMAIL PROTECTED] >
