Re: making the passphrase prompt more clear

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, Sep 02, 2014 at 04:11:52PM -0700, Eitan Adler wrote:
> On 2 September 2014 15:52, Aidan Feldman <aidan.feldman@xxxxxxxxx>
> wrote:
> > I am going to preface this email by saying that I know very little
> > about OpenSSH internals, the protocol, etc.
> >
> > I do a lot of work with novice programmers, and one step that comes
> > up relatively early is generating SSH keys.  In case you haven't
> > done it in a while, the output looks like this:
> >
> > $ ssh-keygen -t rsa Generating public/private rsa key pair.  Enter
> > file in which to save the key (/Users/aidan/.ssh/id_rsa): Enter
> > passphrase (empty for no passphrase):
> >
> > When that last step comes up, I am regularly asked, "Does it mean
> > the system password, or a new one?"  A slight tweak of the language
> > could easily eliminate that confusion... something like "Enter
> > passphrase for the new key" or "Enter new passphrase".
> 
> Perhaps "Enter new passphrase to encrypt the key (empty for no
> encryption):"
> 
> This makes it clear that it needs to be a new phrase, and what it will
> be used for.

You might also consider helping your users get into the good habit of
reading documentation.

Not all software suites have good docs but OpenSSH does a pretty job of
it.

Take for example this excerpt from the ssh-keygen manpage:

  "The program also asks for a passphrase. The passphrase may be empty
   to indicate no passphrase (host keys must have an empty passphrase),
   or it may be a string of arbitrary length. A passphrase is similar
   to a password, except it can be a phrase with a series of words,
   punctuation, numbers..."

--mancha

Attachment: pgphObZZ7INTD.pgp
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux