Re: Continuous brute force attempt from own server !!!
On 07/26/2013 11:26 PM, Brian wrote:
> On Fri 26 Jul 2013 at 12:55:04 +0300, Lars Noodén wrote:
>
>> disabling that key and making a new one for yourself. It's a good idea
>> for keys to be rotated periodically anyway.
>
> Does this 'good idea' have reasons to support it?

It is for much the same reasons that passwords are rotated. It was
mainly this draft that convinced me:

http://datatracker.ietf.org/doc/draft-ylonen-sshkeybcp/?include_text=1

It mentions rotating the keys in several places.

There is also this one, which is about storage, but IMHO applies also to
connection.

https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet#Rule_-_Rekey_data_at_least_every_one_to_three_years

Regards,
/Lars