Mellow Root

Encrypt your SSH keys

Recently, a popular Python package was compromised and malicious code was injected [1]. One of the things it did was upload $HOME/.ssh/* to a remote server. This isn't great, but if your private keys are encrypted with a passphrase the situation is much better.

To encrypt your SSH key, use:

ssh-keygen -p -f ~/.ssh/id_rsa

If the encrypted private key is stolen, an attacker needs to brute-force (guess) your password to use it.

To be more resistant to brute-force attacks, specify -a <number> to set the number of KDF rounds used when deriving the encryption key from your password. The default is 16.

ssh-keygen -p -a 500 -f ~/.ssh/id_rsa

A higher number results in increased resistance to brute-force attacks, but also slower password verification. Use the SSH agent and you only need to enter the password once per boot, so the increased password verification time won't bother you.
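As an added example (not part of the original post), the following Python parses the header of an OpenSSH private key file to report whether it is encrypted and which KDF round count (the -a value) it was saved with, which is handy for auditing a ~/.ssh directory. The key blobs it inspects are constructed in make_sample_key with dummy key material; they are not usable keys.

```python
import base64
import struct
from typing import Optional, Tuple

MAGIC = b"openssh-key-v1\x00"
HEAD = "-----BEGIN OPENSSH PRIVATE KEY-----"
FOOT = "-----END OPENSSH PRIVATE KEY-----"

def _read_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH 'string' (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(pem: str) -> dict:
    """Report format, cipher, KDF and KDF rounds of an SSH private key.
    A key never run through ssh-keygen -p has cipher 'none' and kdf 'none';
    a passphrase-protected one uses bcrypt, with the -a value stored as rounds."""
    if "OPENSSH PRIVATE KEY" not in pem:
        # Legacy PEM key (e.g. BEGIN RSA PRIVATE KEY): -a does not apply and the
        # only encryption signal is the Proc-Type header.
        return {"format": "pem", "cipher": None, "kdf": None, "rounds": None,
                "encrypted": "Proc-Type: 4,ENCRYPTED" in pem}
    body = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":
        _salt, o = _read_string(kdfopts, 0)  # kdfoptions = string salt || uint32 rounds
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return {"format": "openssh-key-v1", "cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": rounds, "encrypted": cipher != b"none"}

def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def make_sample_key(cipher: str, kdf: str, rounds: Optional[int] = None) -> str:
    """Constructed openssh-key-v1 header with dummy key material (not a real key)."""
    kdfopts = _string(b"\x00" * 16) + struct.pack(">I", rounds) if kdf == "bcrypt" else b""
    blob = (MAGIC + _string(cipher.encode()) + _string(kdf.encode()) + _string(kdfopts)
            + struct.pack(">I", 1) + _string(b"dummy-pubkey") + _string(b"dummy-private"))
    b64 = base64.b64encode(blob).decode()
    return "\n".join([HEAD, *(b64[i:i + 70] for i in range(0, len(b64), 70)), FOOT])

if __name__ == "__main__":
    print(inspect_private_key(make_sample_key("aes256-ctr", "bcrypt", 500)))
    print(inspect_private_key(make_sample_key("none", "none")))
```

Pointing inspect_private_key at the real files in ~/.ssh flags any key whose cipher is still 'none' or whose round count is the 16 default.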

  1. PyTorch discloses malicious dependency chain compromise over holidays, BleepingComputer