[kwlug-disc] Curious about SSH Key security

Rashkae rashkae at tigershaunt.com
Fri Jul 23 23:52:59 EDT 2010

unsolicited wrote:

> Yes, but, once known, it is very easy, trivial, to re-secure - just take 
> the line out of the authorized_keys file. (And doing so is relatively 
> painless - like disabling an account rather than deleting it.) Let 
> alone, you may only, for the moment, be intentionally disabling 
> someone's remote access. Doesn't mean they shouldn't be able to work 
> normally when they come in the next day. Let alone refreshing 
> (replacing) keys all around, just in case (is a somewhat easy / painless 
> process).

Here's a quick tip that might make your key management easier.  Rather 
than copying/pasting/cutting the authorized_keys file, I create a keys 
subdirectory where I store the keys I want to use, one key per file. 
When a change is made, (deleting or adding a new key) I simply cat * > 
../authorized_keys to refresh the file.

More information about the kwlug-disc mailing list