SSH keys require a password

What

If you use SSH with key-based authentication, the keys should be protected by a passphrase or by hardware key authentication. If the device is stolen, keys protected this way are a lot harder to recover.

Depending on the organization or services that you use, you might already have keys present. After you set a passphrase, you won't need to enter it every time you use the key, because the authentication is preserved until the next login or wake-up from sleep.

How to fix

To secure them:

  • Open the Terminal app and type
    ssh-keygen -p -f ~/.ssh/id_rsa
  • Replace id_rsa with the name of the key that was reported
  • Press Enter; you will be prompted to enter the passphrase
  • Re-run the checks; you will need to repeat these steps for every key that is found
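To list every key file that still needs a passphrase before re-running the checks, the added example below (not Pareto Security's own check code) reads the header of each file in ~/.ssh: OpenSSH-format private keys record a cipher name and a KDF name, and both are "none" when no passphrase is set. The function names are illustrative, and hardware-backed key files are not treated specially here.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private key blob

def _ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_is_protected(text):
    """True: passphrase-encrypted. False: stored in the clear. None: not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            if not blob.startswith(MAGIC):
                return None
            cipher, off = _ssh_string(blob, len(MAGIC))
            kdf, _ = _ssh_string(blob, off)
        except (ValueError, struct.error):
            return None
        # An unencrypted key is written with cipher "none" and kdf "none".
        return not (cipher == b"none" and kdf == b"none")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return True
    if lines[0].endswith(" PRIVATE KEY-----"):  # legacy PEM or plain PKCS#8
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    return None

def unprotected_keys(ssh_dir):
    """Paths of private key files under ssh_dir that have no passphrase."""
    return [p for p in sorted(Path(ssh_dir).expanduser().iterdir())
            if p.is_file() and key_is_protected(p.read_text(errors="replace")) is False]

def constructed_sample(cipher, kdf):
    """Constructed header-only blob (no key material) in OpenSSH armor, for testing."""
    blob = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in unprotected_keys("~/.ssh"):
        print(f"no passphrase: {path}  (fix: ssh-keygen -p -f {path})")
```
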

If you want to create a new SSH key, the GitHub docs provide a great starting point.

See code on GitHub