| 1 |
On Fri, 15 Jul 2022 09:53:44 +0200, J. Roeleveld wrote: |
| 2 |
|
| 3 |
> > There's no reason you cannot change SSH keys as regularly, and good |
| 4 |
> > reasons why you should. It's just that people don't bother to do it. |
| 5 |
> |
| 6 |
> I agree, but that is a tedious process. |
| 7 |
> |
| 8 |
> I have multiple machines I use as desktop depending on where I am. And |
| 9 |
> either I need to securely share the private keys between them or set up |
| 10 |
> different keys per desktop. |
| 11 |
> I assume the same is true for most people. |
| 12 |
|
| 13 |
I don't share keys, each desktop/laptop has its own keys. |
| 14 |
|
| 15 |
> Never mind that access to the servers needs to be possible for others |
| 16 |
> as well. |
| 17 |
> |
| 18 |
> Either way, to do this automatically, all the desktop machines need to |
| 19 |
> be powered and running while changing the keys. |
| 20 |
|
| 21 |
Not if they use their own keys. It should be simple to script generating |
| 22 |
a new key, then SSHing to a list of machines and replacing the old key |
| 23 |
with the new one in authorized_keys. |
| 24 |
|
| 25 |
> Changing passwords for servers and storing them in a password vault is |
| 26 |
> easier to automate. |
| 27 |
|
| 28 |
Indeed it is, and now you've found a way to do what you want with |
| 29 |
passwords, all is well. |
| 30 |
|
| 31 |
However, I will look at scripting regular replacements for SSH keys, for |
| 32 |
my own peace of mind. |
| 33 |
|
| 34 |
|
| 35 |
-- |
| 36 |
Neil Bothwick |
| 37 |
|
| 38 |
Mac screen message: "Like, dude, something went wrong." |
Archives