"When asked to enter a passphrase, do so. An ssh key without a passphrase is completely vulnerable if stolen." That's true, but how to do cron jobs? An 'expect' script literally has your unhashed passwd. Only multiple key pairs I guess.
@tomasino@adamd Well, I may be wrong, but my thinking is that if I'm storing a key pair on the same box and then just also storing a pass phrase on the same box and I'm compromised, what is the difference?
@gemlog@adamd you can do something similar with keypass or 1password, or just pick memorable passwords for your keys like "this is a phrase for tilde town". Knowing how to use ssh-agent is really helpful for making lots of keys more manageable.
Credit to @mwlucas and his ssh mastery book for it's fantastic information
@tomasino@gemlog@mwlucas I'll do some looking around / learning. I was a keepassxc fan but wanted a cli way. I believe keepassxc has a cli way. At the time I did not know that. It was a long time ago. It will be a lot of work to move now as I have lots of information in my pass-store.