making the passphrase prompt more clear
mancha
mancha1 at zoho.com
Wed Sep 3 10:00:18 EST 2014
On Tue, Sep 02, 2014 at 04:11:52PM -0700, Eitan Adler wrote:
> On 2 September 2014 15:52, Aidan Feldman <aidan.feldman at gmail.com>
> wrote:
> > I am going to preface this email by saying that I know very little
> > about OpenSSH internals, the protocol, etc.
> >
> > I do a lot of work with novice programmers, and one step that comes
> > up relatively early is generating SSH keys. In case you haven't
> > done it in a while, the output looks like this:
> >
> > $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter
> > file in which to save the key (/Users/aidan/.ssh/id_rsa): Enter
> > passphrase (empty for no passphrase):
> >
> > When that last step comes up, I am regularly asked, "Does it mean
> > the system password, or a new one?" A slight tweak of the language
> > could easily eliminate that confusion... something like "Enter
> > passphrase for the new key" or "Enter new passphrase".
>
> Perhaps "Enter new passphrase to encrypt the key (empty for no
> encryption):"
>
> This makes it clear that it needs to be a new phrase, and what it will
> be used for.
You might also consider helping your users get into the good habit of
reading documentation.
Not all software suites have good docs but OpenSSH does a pretty job of
it.
Take for example this excerpt from the ssh-keygen manpage:
"The program also asks for a passphrase. The passphrase may be empty
to indicate no passphrase (host keys must have an empty passphrase),
or it may be a string of arbitrary length. A passphrase is similar
to a password, except it can be a phrase with a series of words,
punctuation, numbers..."
--mancha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140903/3010552c/attachment.bin>
More information about the openssh-unix-dev
mailing list