Millet Porridge

English version of


OpenSSH Series 10: Store your key

Things you should never do

  1. Don’t upload your ~/.ssh to GitHub or Gitlab, even in a private repo, it seems like you put your bank card and password in it

  2. Don’t leave your key’s passphrase empty

  3. You should use the trusted login tool, better to use open-source login tools like OpenSSH. Many hacked tools can steal your keys.

My strategy

  1. use git to manage the ~/.ssh for tracking the modification
  2. When I need to sync the key and config file, I manually carry the hardware disk to sync