Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Paul Wouters
paul at xelerance.com
Fri Oct 14 04:50:16 UTC 2011
On Thu, 13 Oct 2011, Callum Lerwick wrote:
>> Yeah, who needs backups of private keys anyways!
>
> We're talking about SSH keys here. There's no web of trust to lose.
> Lose your keys? Generate new ones.
And contact my customers and what not to change it? Go past all the
servers i have access to with that key? No thanks.
>>> you have the same private key on more than one machine at a time,
>>> you're Doing It Wrong.
>>
>> That's kinda silly. I work on a desktop or on a laptop. When working on
>> my desktop, I really don't want to fire up my laptop just for the ssh
>> key. And adding two keys in all authorized_keys for this is kinda silly,
>> and does not add any security over the one copied key.
>
> You're wrong, and you're doing it wrong.
Excellent dialog, strong arguments! Guess I'll stop feeding the trolls now.
Paul
More information about the devel
mailing list