Why using a SSH key without password is wrong!

Some people may give the advices to create ssh keys without a password. Although possible, this is not good. Assume someone breaks into your computer and copies your key. This person can than simply login into your remote accounts without you knowing about it. 

Let me ask you the following questions:

• Are you leaving your apartment while leaving the key in the door?
• When you do online banking are you not using a password?
• When you have an ATM card, are you not having a passcode?

So why are you creating a security risk by not using a pass phrase for SSH keys?

Convenience should not be an excuse.

Please create a key.

If you like to avoid typing in a password all the time, please consider using ssh-add / keychain. With this tools your can do a signon as long as your session is active. It is certainly better than using pass phrase less keys.