$ hostname.org.com

And I'm in. I'm in without specifying credentials every .. single .. time .. because I use SSH passphrase keys, with a passphrase.

I can do that because I took the trouble to setup my ssh key and copy it to my server's $HOME/.ssh directory, performed a little magic on it.

...

I had this thought the other day, when I was logging into gmail and work-help-desk and work's erp platform and the EDI tool .. all of it web based and all of it requiring me to specify userid/password ... why don't we do SSH passphrase keys for websites?

That is, a user would ..

- create a key - push it to the web server - when you login, web server looks for that key and ... you're in.

This - to me - would seem to be a lot easier than what we do now.

Inside a company we require a lot of userid/password keystrokes, one per application. Even with SSO (via LDAP or whatever) we still require these keystrokes.

In the wild internet to either remember userid/passwords, or store them in your browser, or use an add-on for that purpose. We're still using userid/password and that sucks, when you could simply point the login at your key and bang out a passphrase.

But we don't do this. The reason is probably simple, but I'm just not seeing why.