If memory serves me right, Andrew Thompson wrote:
> I am curious how you ssh users handle your key files.
> Do you make one for each different box, or group of boxes?
Generally, one key pair per administrative domain (think of "home" and
> How do you store them?
> Do you allow them to be backed up to network disks or tape?
I assume you're refering to the private parts here. I don't have much
network storage in my environment, so basically they sit on local disks
of my workstations and laptops, and I do backups to offline media
(typically CD-RW). I could probably do a better job of securing the
laptops (encrypting filesystem).
Don't underestimate the value of a good passphrase on the keys, BTW.
This can mitigate the risks involved in having the keys backed up to
somewhere that's not in your immediate control, having media stolen,
etc. You kind of need to assess the risk tradeoff for your individual
> What about the public portions? Do you keep them secret or post them
> publicly for easy retrevial?
I don't post my SSH public keys anywhere, but I generally don't have a
problem leaving them around on machines that I have access to, including
a few shared machines. In terms of exposure, this is somewhere in
between the two cases you mentioned.
Received on Fri Mar 11 17:07:32 2005