Problem: SSH private keys are protected with a passphrase rather than a password. What makes a good passphrase?
A passphrase differs from a password in that it should be composed of multiple words and more difficult to guess. The same rules that apply to creating good passwords also apply to creating good passphrases. The following is a list of suggestions for creating a good passphrase.
Of course, it is possible to use an empty or null passphrase when using SSH. This is strongly discouraged as anyone who is able to obtain your private key would be able to impersonate you. However, there are times when an empty passphrase may be necessary, such as for an automated script or batch job. In these cases, it is recommended that a separate account on the remote machine be created for the automated script or batch job. By creating a separate account and limiting the account's privileges, you can at least minimize damage if it is compromised.