Quote:
I'm not suggesting that you breach your company rules though. You will need to adhere to company policy. If there is a rule, then there will be a reason. If you have a problem with it, it's best to discuss it rather than to circumvent it.
Although you have 'fixed' your problem, you still need to answer the above concerns for yourself. Is there a company policy to prevent these? Some Tech-Support/SysAdmins and Security people consider prompt-less sshkey login for personal accounts as a security risk as the private key may be proliferated to make it easy to use, and therefore increasing the risk of the private key being exposed/copied and server access being available to someone who should not. Unfortunately I don't know a way that you can force a particular user account (i.e. personal ones) to require a passphrase. The (public) key is just a block of data to be used as a cipher and if it's generated without one, there is no way to tell and invalidate it.
I don't think that this is a default, so someone must have set this up and for a reason. It would be worth checking that out first.
Personally, I only have SSH keys for batch user access (remote processing or fully coded SFTP jobs etc.) and all personal accounts must be with a password, so this is perhaps a common policy.
If you need to automate processes, consider creating a non-personal account that only has the required access and ensure that id is excluded from any clean-up of
authorized_keys files rather than just re-instating it all the time.
Robin
