I'm currently managing my homelab using SSH with a username and password, but I've heard that switching to SSH keys is a safer and more efficient choice. While I grasp the basics of generating keys and understanding how public and private keys work, I'm hesitant to just store these important files in a regular folder without proper security. I'm also unsure about how many different keys I should maintain for my projects or homelab.
I'd love to learn about how others are managing their SSH keys effectively and securely, plus any tips you might have! Just for context, I'm using Windows 11 with WSL and mostly connect through Windows Terminal; while I use Remote Desktop Manager somewhat, I really want to step up my game in managing all my network resources from the start.
1 Answer
A good practice is to encrypt your private key files with a passphrase. Start your workday by running an SSH agent to load the key using the passphrase, which keeps it securely in memory. This way, you can log in without needing to enter your password every time. Just remember to log out when you're done, so the key's decrypted version is removed from memory.
Is there a server-side config that only allows keys from the SSH agent that are passphrase protected?