Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Paul Wouters paul at xelerance.com
Fri Oct 14 04:25:49 UTC 2011


On Thu, Oct 13, 2011 at 10:55:59PM -0500, Callum Lerwick wrote:

> Its the only right way to do it. As a general rule, a private ssh key
> should NEVER be transferred off the machine it was generated on.

Yeah, who needs backups of private keys anyways!

> you have the same private key on more than one machine at a time,
> you're Doing It Wrong.

That's kinda silly. I work on a desktop or on a laptop. When working on
my desktop, I really don't want to fire up my laptop just for the ssh
key. And adding two keys in all authorized_keys for this is kinda silly,
and does not add any security over the one copied key.

Paul


More information about the devel mailing list