Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at
Wed Oct 12 19:48:57 UTC 2011

On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote:
> ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:
> > Sure there is. There's the exact same problem as using the same password
> > across multiple projects: if someone compromises the key they have
> > compromised all of those projects. If you use a different key for each
> > project, an attacker can only compromise one project with any given key.
> To compromise my SSH key they need to compromise the location where my
> key is stored and the key encryption passphrase.

Sure. However, if you have multiple keys with multiple passphrases, then
it's extra work to compromise each key. It is also possible, if you use
multiple keys for multiple systems, that you do not need to store every
key you own on every system you use. To take the possible real-world
example I raised...

let's say you have an account on and one on It may
make some kind of sense to your workflow for you to keep the private key
you use to access in your home directory on Now,
if the key in question is 'your single personal key you use for
everything', then if someone compromises and then compromises
the key you have stored there, they have now compromised everything you
have access to, as you use that single key for everything.

Say the key in question is 'the key you use specifically for',
and you didn't choose to store any other of your private keys on because you'd never need to access any other systems from, you have now successfully mitigated the scope of the attack
to and but _not_ any of the other systems you have
access to (and use different keys for, keys which you did not store on

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora
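The separation Adam argues for only holds if the client is actually configured to use one key per system: ssh by default offers every key loaded in the agent to every host, so a per-project key without `IdentitiesOnly yes` still leaks the whole bundle to any host you log in to. The following audit script is an added example, not part of this thread or of any Fedora tooling; it parses a client `~/.ssh/config` and reports keys shared between Host stanzas and hosts that name a key without pinning it. The hostnames and key paths in `SAMPLE_CONFIG` are constructed placeholders.

```python
"""Audit an ssh_config for private keys that are reused across hosts.

Added example (not part of the original mailing-list thread): a check for the
per-host key separation discussed above, run over a client ~/.ssh/config.
Hostnames and key paths below are constructed placeholders.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample ~/.ssh/config: one key is reused by two hosts, and one
# host does not set IdentitiesOnly, so ssh would also offer every agent-loaded
# key to it.
SAMPLE_CONFIG = """\
Host projecta.example.org
    User adam
    IdentityFile ~/.ssh/id_projecta
    IdentitiesOnly yes

Host projectb.example.org
    User adam
    IdentityFile ~/.ssh/id_projecta
    IdentitiesOnly yes

Host projectc.example.org
    User adam
    IdentityFile ~/.ssh/id_projectc
"""


def parse_ssh_config(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {stanza: {keyword_lower: [values...]}} for each Host/Match stanza.

    Only the keywords this audit needs are interpreted; options that appear
    before any Host line are collected under "(global)".
    """
    stanzas: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        # ssh_config accepts "Keyword value" as well as "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword in ("host", "match"):
            current = f"{keyword} {value}"
            stanzas.setdefault(current, {})
            continue
        if current is None:
            current = "(global)"
            stanzas.setdefault(current, {})
        stanzas[current].setdefault(keyword, []).append(value)
    return stanzas


def shared_keys(stanzas: Dict[str, Dict[str, List[str]]]) -> Dict[str, Set[str]]:
    """Map each IdentityFile used by more than one stanza to those stanzas."""
    uses: Dict[str, Set[str]] = defaultdict(set)
    for host, opts in stanzas.items():
        for key in opts.get("identityfile", []):
            uses[key].add(host)
    return {key: hosts for key, hosts in uses.items() if len(hosts) > 1}


def hosts_without_identitiesonly(stanzas: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Stanzas that name a key but do not set IdentitiesOnly yes.

    Without it ssh also offers every key held by the agent, so a dedicated
    key gives no separation in practice.
    """
    loose = []
    for host, opts in stanzas.items():
        if "identityfile" not in opts:
            continue
        flag = opts.get("identitiesonly", ["no"])[-1].lower()
        if flag != "yes":
            loose.append(host)
    return loose


def audit(text: str) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Run both checks over an ssh_config text and return their findings."""
    stanzas = parse_ssh_config(text)
    return shared_keys(stanzas), hosts_without_identitiesonly(stanzas)


if __name__ == "__main__":
    shared, loose = audit(SAMPLE_CONFIG)
    for key, hosts in shared.items():
        print(f"{key} is used for {len(hosts)} hosts: {', '.join(sorted(hosts))}")
    for host in loose:
        print(f"{host}: add 'IdentitiesOnly yes' so only its own key is offered")
```

Run it against your real config with `audit(open(os.path.expanduser("~/.ssh/config")).read())`; an empty result for both checks means each host gets exactly one key and nothing else is offered to it, which is the property that keeps a compromise of one system's stored key from reaching the others.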