I plan on submitting my first AUR package, and according to the AUR submission guidelines I need to generate an SSH key. However, executing the command asks me for a passphrase to put on the key. Do I include one or leave it empty?
If you leave it empty and anyone acquires your private key for any reason they can submit AUR packages/change your AUR packages in your name.
If you leave it empty and anyone acquires your private key for any reason they can submit AUR packages/change your AUR packages in your name.
A private ssh key should never leave your own machine so it is very unlikely others will acquire it.
How you lock your personal ssh key is your decision (and irrelevant to any server) but most DEs automatically invoke an ssh agent to cache the key so you don't have to unlock it very often.
I know, and yet the relevant mechanisms exist to protect it from that, should the situation arise.
A private ssh key should never leave your own machine so it is very unlikely others will acquire it.
Yes "should" …
Also evil maid and a notebook could get stolen (though in reality the thief will just install windows)
But of course https://imgs.xkcd.com/comics/security.png always applies anyway - security is a personal assessment.
Will somebody break your system and/or torture you to be able to upload AUR packages under your identity? Meh.
The calculation may change when generating a keypair to sign and authorize financial transactions, business statements, threat-mails to the Pentagon…
Just wanna add closure to this topic before it's closed: Thanks for your answers. It has helped me in being an AUR package maintainer