Most people seem to just leave their private keys in their $HOME, completely unprotected. These things give you unlimited root-level access to whatever machines trust them. If there is anything a PC user should secure, this is certainly it. Stop it, get some help.
I found some useful utilities to aid you in that.
Passwdqc can generate a secure passphrase for you. Words, numbers, other symbols included. Do a quick

    $ pwqgen random=100

in the terminal to get one. Roll the dice a few times, get one that is easy to remember.
ssh-keygen. Bundled with OpenSSH.

    $ ssh-keygen -Z chacha20-poly1305@openssh.com -a 200 -f "$HOME/.ssh/id_ed25519" -p

This command prompts you for a new passphrase, saves the key with a really secure cipher (-Z) and hashes the passphrase a bunch of times (-a 200). This slows down decryption upon use only insignificantly, but is an effective guard against brute-force attacks.
Now, even if you leave your keys somewhere, and someone takes them, they will have to spend a good while cracking it before they get access to anything.