
Re: Continuous brute force attempt from own server !!!



On 07/26/2013 11:26 PM, Brian wrote:
> On Fri 26 Jul 2013 at 12:55:04 +0300, Lars Noodén wrote:
> 
>> disabling that key and making a new one for yourself.  It's a good idea
>> for keys to be rotated periodically anyway.
> 
> Does this 'good idea' have reasons to support it?

It is for much the same reasons that passwords are rotated.  It was
mainly this draft that convinced me:

http://datatracker.ietf.org/doc/draft-ylonen-sshkeybcp/?include_text=1

It mentions rotating the keys in several places.

There is also this one, which is about storage, but IMHO applies also to
connection.

https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet#Rule_-_Rekey_data_at_least_every_one_to_three_years

Regards,
/Lars

