Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Gerd Hoffmann
kraxel at redhat.com
Thu Oct 13 08:43:08 UTC 2011
Hi,
> Sure, ssh keys are much harder to compromise than passwords, but
> _assuming a compromise has happened_ the consequences of using a single
> key for everything are just as bad as using a single password for
> everything.
One ssh key per project doesn't make sense at all to me. They all would
be on my laptop, and in case it gets compromised the attacker can easily
snatch all the keys.
One ssh key per machine makes alot more sense. For outgoing ssh
connections from -- say -- shell.fedoraproject.org I wouldn't just copy
my private key from my laptop but generate a new one, then add it to
authorized_keys where needed.
That does (a) limit the access to the machines really needed instead of
allowing ssh to every machine I'm ssh'ing to from my laptop and
(b) doesn't compromise the keys used on my laptop in case
shell.fedoraproject.org is hacked.
cheers,
Gerd
More information about the devel
mailing list