On Friday, 15 July 2022 09:29:14 CEST Neil Bothwick wrote:
> On Fri, 15 Jul 2022 09:15:02 +0200, J. Roeleveld wrote:
> > I prefer not to use SSH keys for this as they tend to exist for years
> > in my experience. And one unnoticed leak can open up a lot of systems.
> > This is why I use passwords. (passwords are long random strings that
> > are changed regularly)
>
> There's no reason you cannot change SSH keys as regularly, and good
> reasons why you should. It's just that people don't bother to do it.

I agree, but that is a tedious process.

I have multiple machines I use as desktop depending on where I am. And either
I need to securely share the private keys between them or set up different
keys per desktop.
I assume the same is true for most people.

Never mind that access to the servers needs to be possible for others as well.

Either way, to do this automatically, all the desktop machines need to be
powered and running while changing the keys.

Changing passwords for servers and storing them in a password vault is easier
to automate.

--
Joost