making the passphrase prompt more clear

Eitan Adler lists at
Wed Sep 3 13:25:29 EST 2014

On 2 September 2014 17:00, mancha <mancha1 at> wrote:
> On Tue, Sep 02, 2014 at 04:11:52PM -0700, Eitan Adler wrote:
>> On 2 September 2014 15:52, Aidan Feldman <aidan.feldman at>
>> wrote:
>> > I am going to preface this email by saying that I know very little
>> > about OpenSSH internals, the protocol, etc.
>> >
>> > I do a lot of work with novice programmers, and one step that comes
>> > up relatively early is generating SSH keys.  In case you haven't
>> > done it in a while, the output looks like this:
>> >
>> > $ ssh-keygen -t rsa Generating public/private rsa key pair.  Enter
>> > file in which to save the key (/Users/aidan/.ssh/id_rsa): Enter
>> > passphrase (empty for no passphrase):
>> >
>> > When that last step comes up, I am regularly asked, "Does it mean
>> > the system password, or a new one?"  A slight tweak of the language
>> > could easily eliminate that confusion... something like "Enter
>> > passphrase for the new key" or "Enter new passphrase".
>> Perhaps "Enter new passphrase to encrypt the key (empty for no
>> encryption):"
>> This makes it clear that it needs to be a new phrase, and what it will
>> be used for.
> You might also consider helping your users get into the good habit of
> reading documentation.


> Not all software suites have good docs but OpenSSH does a pretty job of
> it.

Helpful, but short prompts within the working software are not
unreasonable.  Does making the prompt more clear have any real
negative value?

Eitan Adler

More information about the openssh-unix-dev mailing list