Re: OT: ssh keys

From: Bruce A. Mah <bmah_at_acm.org>
Date: 2005-03-11 17:04:51 CET

If memory serves me right, Andrew Thompson wrote:

> I am curious how you ssh users handle your key files.
>
> Do you make one for each different box, or group of boxes?

Generally, one key pair per administrative domain (think of "home" and
"work").

> How do you store them?
>
> Do you allow them to be backed up to network disks or tape?

I assume you're refering to the private parts here. I don't have much
network storage in my environment, so basically they sit on local disks
of my workstations and laptops, and I do backups to offline media
(typically CD-RW). I could probably do a better job of securing the
laptops (encrypting filesystem).

Don't underestimate the value of a good passphrase on the keys, BTW.
This can mitigate the risks involved in having the keys backed up to
somewhere that's not in your immediate control, having media stolen,
etc. You kind of need to assess the risk tradeoff for your individual
case.

> What about the public portions? Do you keep them secret or post them
> publicly for easy retrevial?

I don't post my SSH public keys anywhere, but I generally don't have a
problem leaving them around on machines that I have access to, including
a few shared machines. In terms of exposure, this is somewhere in
between the two cases you mentioned.

Bruce.

application/pgp-signature attachment: This is a digitally signed message part

Received on Fri Mar 11 17:07:32 2005

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Docs for 1.2, lock/reserve?"
Previous message: Ryan Schmidt: "Re: Browsing Document roots with svn directories:"
In reply to: Andrew Thompson: "OT: ssh keys"
Next in thread: Hari Kodungallur: "Re: OT: ssh keys"
Reply: Hari Kodungallur: "Re: OT: ssh keys"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]