Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Paul Wouters paul at
Fri Oct 14 04:50:16 UTC 2011

On Thu, 13 Oct 2011, Callum Lerwick wrote:

>> Yeah, who needs backups of private keys anyways!
> We're talking about SSH keys here. There's no web of trust to lose.
> Lose your keys? Generate new ones.

And contact my customers and what not to change it? Go past all the
servers i have access to with that key? No thanks.

>>> you have the same private key on more than one machine at a time,
>>> you're Doing It Wrong.
>> That's kinda silly. I work on a desktop or on a laptop. When working on
>> my desktop, I really don't want to fire up my laptop just for the ssh
>> key. And adding two keys in all authorized_keys for this is kinda silly,
>> and does not add any security over the one copied key.
> You're wrong, and you're doing it wrong.

Excellent dialog, strong arguments! Guess I'll stop feeding the trolls now.


More information about the devel mailing list