Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Toshio Kuratomi a.badger at gmail.com
Fri Oct 14 04:18:26 UTC 2011


On Thu, Oct 13, 2011 at 10:55:59PM -0500, Callum Lerwick wrote:
> On Thu, Oct 13, 2011 at 12:18 PM, Adam Williamson <awilliam at redhat.com> wrote:
> > On Thu, 2011-10-13 at 10:43 +0200, Gerd Hoffmann wrote:
> >> One ssh key per machine makes a lot more sense.  For outgoing ssh
> >> connections from -- say -- shell.fedoraproject.org I wouldn't just copy
> >> my private key from my laptop but generate a new one, then add it to
> >> authorized_keys where needed.
> >
> > That's a sensible approach, sure.
> 
> It's the only right way to do it. As a general rule, a private ssh key
> should NEVER be transferred off the machine it was generated on. If
> you have the same private key on more than one machine at a time,
> you're Doing It Wrong.
>
Having the same private key on two machines may indeed be the wrong way to
do things but it's questionable that the method described is truly the "only
right way to do it".  Is it worse to have any private keys (even one
generated on that machine) on a shared server or to use an ssh-agent with
your local credentials through the shared server?

-Toshio