The original poster states (emphasis mine):
Then I get the following message.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I left them blank because they are optional as far as I know, but just for the record, adding a passphrase does not change the result.
I beg to differ. Adding a passphrase encrypts your private key, so that if someone manages to steal your private key file from your computer, they still can't read and use it without the passphrase that decrypts it.
You are right that adding a passphrase it optional, but it's still highly recommended.
To illustrate the difference, let's pretend that your un-encrypted private key file contents (without a passphrase) look like this (example adapted from Improving the security of your SSH private key files)
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEArCQG213utzqE5YVjTVF5exGRCkE9OuM7LCp/FOuPdoHrFUXk
y2MQcwf29J3A4i8zxpES9RdSEU6iIEsow98wIi0x1/Lnfx6jG5Y0/iQsG1NRlNCC
aydGvGaC+PwwWiwYRc7PtBgV4KOAVXMZdMB5nFRaekQ1ksdH/360KCGgljPtzTNl
09e97QBwHFIZ3ea5Eih/HireTrRSnvF+ywmwuxX4ubDr0ZeSceuF2S5WLXH2+TV0
... etc ... lots of base64 blah blah ...
-----END RSA PRIVATE KEY-----
This value stored in your private key can be used to impersonate yourself to any 2nd party who you've given your public key to (in this case Assembla). It's basically as if a hacker had stolen the password to your account and used it to login as you...in the SSH world, this is the equivalent to that.
Now, let's hypothetically say that if you had encrypted the same private key above with a passphrase, then the file contents would look like this (again adapted from Improving the security of your SSH private key files):
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D54228DB5838E32589695E83A22595C7
3+Mz0A4wqbMuyzrvBIHx1HNc2ZUZU2cPPRagDc3M+rv+XnGJ6PpThbOeMawz4Cbu
lQX/Ahbx+UadJZOFrTx8aEWyZoI0ltBh9O5+ODov+vc25Hia3jtayE51McVWwSXg
wYeg2L6U7iZBk78yg+sIKFVijxiWnpA7W2dj2B9QV0X3ILQPxbU/cRAVTd7AVrKT
... etc ...
-----END RSA PRIVATE KEY-----
Do you see how the contents look different from the un-encrypted file? This makes your private key useless to anyone who happens to steal it, unless they also happen to have the passphrase that decrypts it back to its unencrypted form.
This is the reason that GitHub gives for Why you need a passphrase for your private SSH key:
Passwords aren't very secure, you already know this. If you use one that's easy to remember, it's easier to guess or brute-force. If you use one that's random, it's hard to remember and thus you're more inclined to write the password down. Both of these are Very Bad Things™. This is why you're using ssh keys.
But using a key without a passphrase is basically the same as writing down that random password in a file on your computer. Anyone who gains access to your drive has gained access to every system you use that key with. This is also a Very Bad Thing™. The solution is obvious, add a passphrase.
In the same help article, they explain how to use the *nix utility ssh-agent
to automatically store your passphrase during a terminal session so that you don't have to keep entering it every time you use your private key to make an SSH request.