I use ssh-keygen -t rsa to create a public key for accessing my git hosting provider.
a) Should the passphrase entered here be the same as the git hosting provider account password?
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
b) Can I use an empty password in the above step?
c) What is the significance of providing the “-C” option? If given, the key contains this value; otherwise it contains the domainname\accountname in the key.
d) I connect to 2 different git hosting providers (GitHub and a private git hosting vendor). So I am assuming you have to create 2 keys, OR is having 1 key enough for both the providers? Note: id_rsa.pub will erase the original copy if we create it twice.
Kindly clarify
a.) The passphrase of an SSH key is only interesting to you; no one else can or should see it. So no, it need not be the same as your hosting provider password.
b.) Yes, the passphrase can be empty, but that means that anyone who can read the file can use it to be authenticated as you. This severely reduces the security.
c.) -C specifies a comment. It has no effect. It’s simply there so that you can find out for which use you created a specific key if you come back after some time. It’s not a bad idea to add what you use it for here.
d.) You can use a single key for both. Again, it’s a tradeoff between security and ease-of-use: using a single key means only a single set of files to back up and only a single passphrase to remember, but it also means that once it’s been compromised, both accounts are compromised at once.
Also note that none of this is related to git, it’s all basic SSH information. So it applies to everything else that uses SSH keys as well.
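The points in answers b.), c.) and d.), as an added example that is not part of the original answer: one key per provider written to its own file with -f (so an existing id_rsa.pub is never overwritten), labelled with -C, with a check that the comment does not change the key's fingerprint and a check for which key has a passphrase. The file names, comments, passphrase, the host git.example.com and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; file names, comments, host names and the passphrase are placeholders.

# make_key DIR NAME COMMENT PASSPHRASE -> writes DIR/NAME and DIR/NAME.pub
# -f names the output file, so an existing id_rsa / id_rsa.pub is left alone.
# -N is used only to keep the demo non-interactive; at a terminal, omit it and
# type the passphrase at the "Enter passphrase" prompt instead.
make_key() {
    ssh-keygen -q -t rsa -f "$1/$2" -C "$3" -N "$4"
}

# fingerprint PUBFILE -> SHA256 fingerprint, computed over the key material only
fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# comment_of PUBFILE -> the -C text, stored as the trailing field of the .pub line
comment_of() {
    cut -d' ' -f3- "$1"
}

# has_passphrase KEYFILE -> succeeds if the key does not open with an empty passphrase
has_passphrase() {
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# config_stanza HOST KEYFILE -> ssh_config entry binding one key to one provider
config_stanza() {
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$1" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_key "$dir" id_rsa_github  "github, laptop"       "constructed-passphrase-1" || return 1
    make_key "$dir" id_rsa_private "private host, laptop" "" || return 1
    for k in id_rsa_github id_rsa_private; do
        if has_passphrase "$dir/$k"; then p=yes; else p=no; fi
        echo "$k: comment='$(comment_of "$dir/$k.pub")' passphrase=$p $(fingerprint "$dir/$k.pub")"
    done
    # Rewriting only the comment in a copy of the .pub leaves the fingerprint unchanged.
    awk '{print $1, $2, "relabelled"}' "$dir/id_rsa_github.pub" > "$dir/copy.pub"
    [ "$(fingerprint "$dir/copy.pub")" = "$(fingerprint "$dir/id_rsa_github.pub")" ] \
        && echo "comment does not affect the key"
    config_stanza github.com "$dir/id_rsa_github"
    config_stanza git.example.com "$dir/id_rsa_private"
    rm -rf "$dir"
}
demo
```

The two stanzas printed at the end are what would go into ~/.ssh/config so that each provider is offered only its own key.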