Chris G wrote:
No it isn't. It's in a file *at the other end* totally inaccessible to the intruder until he's guessed it. The private key on the other had *is* at the end where the intruder is so has to be encrypted.
You are taking one (relatively unlikely) attack vector where an intruder gains access to your specific machine in order to get access to another. This is the explicit case where the private key protects you and with the current state of the encryption used a brute force would be pretty much the only viable way of getting the passphrase to open the key, in which time you would hopefully have noticed the local breach and changed it. At which point they may as well have tried a direct brute force attack against sshd itself.
Normally the intruder would be coming from a different machine and wouldn't have the private key in the first place.
Don't make the mistake of dreaming up one possible attack vector and basing all your security measures upon that assumption. The fact is that if you are only allowing key based authentication then an intruder needs to break into your machine first *and* crack the passphrase on the private key. At the point your local machine is compromised and had you been using a password login to the remote system they could have just installed a keylogger or a login spoof and captured a password for the remote system anyway.
So overall if you are using passphrase protected keys you have still increased overall security because the private key has to be stolen and compromised first. Making an attack from a machine other than yours pretty difficult and an attack from your machine as difficult as if they didn't have a password for interactive authentication (they still have to guess or capture the passphrase, which is the same effort as guessing or capturing a login password)