| 1 |
On Friday, 15 July 2022 09:29:14 CEST Neil Bothwick wrote: |
| 2 |
> On Fri, 15 Jul 2022 09:15:02 +0200, J. Roeleveld wrote: |
| 3 |
> > I prefer not to use SSH keys for this as they tend to exist for years |
| 4 |
> > in my experience. And one unnoticed leak can open up a lot of systems. |
| 5 |
> > This is why I use passwords. (passwords are long random strings that |
| 6 |
> > are changed regularly) |
| 7 |
> |
| 8 |
> There's no reason you cannot change SSH keys as regularly, and good |
| 9 |
> reasons why you should. It's just that people don't bother to do it. |
| 10 |
|
| 11 |
I agree, but that is a tedious process. |
| 12 |
|
| 13 |
I have multiple machines I use as desktop depending on where I am. And either |
| 14 |
I need to securely share the private keys between them or set up different |
| 15 |
keys per desktop. |
| 16 |
I assume the same is true for most people. |
| 17 |
|
| 18 |
Never mind that access to the servers needs to be possible for others as well. |
| 19 |
|
| 20 |
Either way, to do this automatically, all the desktop machines need to be |
| 21 |
powered and running while changing the keys. |
| 22 |
|
| 23 |
Changing passwords for servers and storing them in a password vault is easier |
| 24 |
to automate. |
| 25 |
|
| 26 |
-- |
| 27 |
Joost |
Archives