Security of ssh across a LAN, public key versus password

[Christian Weisgerber]

Tim Rice via openssh-unix-dev:

> A possible confusion is that there are two ways the term passphrase can be used when it comes to OpenSSH:

Not by the OpenSSH man pages:

> * Passphrase authentication, where you log into a machine and the sshd on the other end challenges you to enter a passphrase, usually matching your remote account's password.

The OpenSSH man pages do not use "passphrase" in this way.  The OpenSSH
term is "password".

> * Encrypting your private key with a passphrase, which is what happens when you enter a passphrase while using ssh-keygen or ssh-add.

Only that is a "passphrase" in OpenSSH parlance.

The OpenSSH documentation strives to avoid ambiguous terminology.
When support for U2F/FIDO "security keys" was added, we eventually
settled on the term "authenticator" instead, because "keys" are
something else (and so are "tokens").

-- 
Christian "naddy" Weisgerber                          naddy at mips.inka.de