On Fri, 15 Jul 2022 09:53:44 +0200, J. Roeleveld wrote:

> > There's no reason you cannot change SSH keys as regularly, and good
> > reasons why you should. It's just that people don't bother to do it.
>
> I agree, but that is a tedious process.
>
> I have multiple machines I use as desktop depending on where I am. And
> either I need to securely share the private keys between them or set up
> different keys per desktop.
> I assume the same is true for most people.

I don't share keys, each desktop/laptop has its own keys.

> Never mind that access to the servers needs to be possible for others
> as well.
>
> Either way, to do this automatically, all the desktop machines need to
> be powered and running while changing the keys.

Not if they use their own keys. It should be simple to script generating
a new key, then SSHing to a list of machines and replacing the old key
with the new one in authorized_keys.

> Changing passwords for servers and storing them in a password vault is
> easier to automate.

Indeed it is, and now you've found a way to do what you want with
passwords, all is well.

However, I will look at scripting regular replacements for SSH keys, for
my own peace of mind.


--
Neil Bothwick

Mac screen message: "Like, dude, something went wrong."
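The per-machine rotation described in the message above (generate a new key, then replace the old one in authorized_keys on each server), as a POSIX shell script. This is an added example, not part of the original message: the function names `edit_keys` and `rotate_host`, the key paths and the host names are hypothetical, and it assumes the default `~/.ssh/authorized_keys` location and that nothing else edits that file during the run.

```shell
#!/bin/sh
# Added example, not code from the thread. Key paths and host names are
# placeholders; assumes the default ~/.ssh/authorized_keys location.

# edit_keys MODE OLD_PUB NEW_PUB: filter an authorized_keys file (stdin to stdout).
#   stage: after each line holding the old key, add the new key with the
#          same options prefix (from=, command=, ...), keeping the old line
#   drop:  omit every line holding the old key
# Returns 1 if the old key was not found, 2 if a .pub file is missing or empty.
edit_keys() {
    [ -s "$2" ] && [ -s "$3" ] || return 2
    OLD=$(cut -d' ' -f1,2 "$2") NEW=$(cat "$3") awk -v mode="$1" '
        { p = index($0 " ", ENVIRON["OLD"] " ") }   # match "type blob" exactly
        p && mode == "stage" { print; print substr($0, 1, p - 1) ENVIRON["NEW"] }
        p { found = 1; next }
        { print }
        END { exit !found }'
}

# rotate_host HOST OLD_KEY NEW_KEY: the old key is removed only after the new
# key has completed a login, so a failed step never locks the account out.
rotate_host() {
    host=$1 old=$2 new=$3
    dir=$(mktemp -d) || return 1
    set -- -o BatchMode=yes -o IdentitiesOnly=yes
    put='umask 077; cat > .ssh/authorized_keys.rot &&
         mv .ssh/authorized_keys.rot .ssh/authorized_keys'
    ssh "$@" -i "$old" "$host" 'cat .ssh/authorized_keys' > "$dir/cur" &&
    edit_keys stage "$old.pub" "$new.pub" < "$dir/cur" > "$dir/both" &&
    ssh "$@" -i "$old" "$host" "$put" < "$dir/both" &&
    ssh -n "$@" -i "$new" "$host" true &&
    edit_keys drop "$old.pub" "$new.pub" < "$dir/both" > "$dir/final" &&
    ssh "$@" -i "$new" "$host" "$put" < "$dir/final"
    rc=$?; rm -rf "$dir"; return "$rc"
}

# Usage: sh rotate.sh OLD_KEY NEW_KEY host1 [host2 ...]
# after: ssh-keygen -t ed25519 -f NEW_KEY
if [ $# -ge 3 ]; then
    old_key=$1 new_key=$2; shift 2
    for h in "$@"; do
        rotate_host "$h" "$old_key" "$new_key" || echo "rotation failed: $h" >&2
    done
fi
```

Because the script runs ssh with `BatchMode=yes`, passphrase-protected keys must already be loaded in ssh-agent before it starts.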