SSH keys are a great thing. They improve security (provided that passwords are disabled) and they save you the drudgery of having to enter a password each time you connect to your server. With a little tweaking of the ~/.ssh/config file, you can connect to your server just by typing “ssh” followed by a space and a few letters of the hostname of your server, followed by the Tab key. That’s only a few keystrokes and it’s really fast. Furthermore, if you want to run any sort of automated scripts (SSH, SCP, Ansible…), you pretty much have to have a password-less key.
The first thing that irks me is when I get a password-protected private key from a client. Most of the time that’s generated from cPanel (ugh!), where keys must have a password. This sounds like a good idea at first, but it’s really just an annoyance. cPanel generates longish random passwords for SSH keys, which you cannot remember, so you have to write them down either in a password manager, or in plaintext (bad idea). If someone has compromised your PC, or intercepted your email, they are going to get to your SSH key, so this doesn’t offer any real protection. On the other hand, you have to enter the password each time you log in. I keep SSH keys on encrypted storage which is protected by a strong password and an external key, so that’s reasonably secure.
Fortunately, it’s easy to remove this password; it takes just one simple command:
ssh-keygen -p -P 'old-pass' -N '' -f <key_filename>
Another annoying thing is when you get a .ppk key. .ppk keys are used in PuTTY. This little program is great for connecting to your SSH server when you are condemned to use Windows. Compared to any terminal emulator on any Linux distro, PuTTY is ugly and awkward. Fortunately, a .ppk key can be converted to a .pem key with one simple command (provided that you have PuTTY installed):
puttygen key.ppk -O private-openssh -o key.pem
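Before running either command it helps to know which format a key file is in and whether it actually carries a passphrase. The following is an added example, not part of the original post: a standard-library Python check that reads only the file header; the function names are this example's own, and the sample texts are constructed and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic bytes that open the new OpenSSH key blob

def _openssh_cipher(body_b64: str) -> str:
    """Return the ciphername field ("none" means no passphrase)."""
    blob = base64.b64decode(body_b64)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n].decode("ascii")

def classify(text: str) -> tuple[str, bool]:
    """Return (format, passphrase_protected) for a private key file's text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        enc = [l.split(":", 1)[1].strip() for l in lines if l.startswith("Encryption:")]
        if not enc:
            raise ValueError("PPK file without an Encryption line")
        return "ppk", enc[0] != "none"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in lines if not l.startswith("-----"))
        return "openssh", _openssh_cipher(body) != "none"
    if first in ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----"):
        return "pkcs8", "ENCRYPTED" in first
    if first.startswith("-----BEGIN ") and first.endswith(" PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC) flags encryption in a Proc-Type header.
        return "pem", "Proc-Type: 4,ENCRYPTED" in lines
    raise ValueError("unrecognised private key format")

def fake_openssh(cipher: bytes) -> str:
    """Constructed sample: OpenSSH key header only, no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt")
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: headers only, placeholder bodies.
SAMPLES = {
    "legacy-encrypted.pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                            "DEK-Info: AES-128-CBC,00\n\n(body omitted)\n-----END RSA PRIVATE KEY-----\n",
    "client.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: sample\n",
    "stripped": fake_openssh(b"none"),
    "protected": fake_openssh(b"aes256-ctr"),
}
```

A key this reports as unprotected relies entirely on file permissions and disk encryption. When stripping a passphrase, omitting -P makes ssh-keygen prompt for the old one instead of leaving it in shell history.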