
Re: Need a tutorial



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Sep 22, 2016 at 10:44:28AM +0300, Lars Noodén wrote:
> On 09/21/2016 11:39 PM, Gene Heskett wrote:
> > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
> ...
> >> man ssh-keygen
> >> http://mywiki.wooledge.org/SshKeys
> > 
> > I knew there was something about generating keys, but not the sticky 
> > details.
> 
> If you have multiple servers or multiple remote accounts, you will end
> up with at least one key pair per account+server.  So you will also need
> a way to keep track of them.  One way is to make use of the -C and -f
> options to add a comment inside the key and to name the key files to
> something mnemonic.

I actually use my default key for most servers. Only especially sensitive
(or especially insecure) servers get a dedicated key.

Of course I'm betting on the impossibility of recovering the secret key
from the public key, which is distributed around and available to anyone
capable of compromising one server.

Then, state-level attackers have much easier avenues than that. As Bruce
Schneier put it once, "NSA is better at breaking knuckles than at breaking
codes" :-/

But yes, it makes sense to think about the security/convenience tradeoffs.

regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjmPwACgkQBcgs9XrR2kbs4wCdHtG+7JkudYcnbSP+bViXDRrH
QSwAn3JbimtAVvQsLa1oXQi0zmK2FXAk
=XXY8
-----END PGP SIGNATURE-----
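
The one-key-per-account+server bookkeeping with -C and -f mentioned in the quoted text, as an added example that is not part of the original message. The function names, the file naming pattern, the ed25519 key type and the sample account and host are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample values: accounts and host names are placeholders.
KEYDIR="${KEYDIR:-$HOME/.ssh}"

# Mnemonic private-key path for one account+server pair (passed to -f).
key_path() {      # usage: key_path USER HOST
    printf '%s/id_ed25519_%s@%s\n' "$KEYDIR" "$1" "$2"
}

# Comment embedded in the public key (passed to -C): which remote account
# the key is for and which client machine holds the private half.
key_comment() {   # usage: key_comment USER HOST
    printf '%s@%s from %s\n' "$1" "$2" "$(uname -n)"
}

# Generate the pair unless it exists; ssh-keygen prompts for the passphrase.
make_key() {      # usage: make_key USER HOST
    f=$(key_path "$1" "$2")
    if [ -e "$f" ]; then
        echo "refusing to overwrite $f" >&2
        return 1
    fi
    ssh-keygen -t ed25519 -C "$(key_comment "$1" "$2")" -f "$f"
}

# ssh_config stanza that ties the key to its server. IdentitiesOnly keeps
# ssh from offering the other keys it knows about to this host.
config_stanza() { # usage: config_stanza USER HOST
    printf 'Host %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$2" "$1" "$(key_path "$1" "$2")"
}

# Show fingerprint and comment of every public key named by this scheme.
list_keys() {
    for pub in "$KEYDIR"/id_ed25519_*.pub; do
        [ -e "$pub" ] || continue
        ssh-keygen -l -f "$pub"
    done
}

# Example run (prints a stanza only; creates no files):
config_stanza alice git.example.org
```

After `make_key alice git.example.org`, appending the printed stanza to `~/.ssh/config` makes a plain `ssh git.example.org` pick the matching key, and `list_keys` shows which key belongs where when one has to be revoked.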

