[kwlug-disc] Curious about SSH Key security
Rashkae
rashkae at tigershaunt.com
Fri Jul 23 23:52:59 EDT 2010
unsolicited wrote:
>
> Yes, but, once known, it is very easy, trivial, to re-secure - just take
> the line out of the authorized_keys file. (And doing so is relatively
> painless - like disabling an account rather than deleting it.) Let
> alone, you may only, for the moment, be intentionally disabling
> someone's remote access. Doesn't mean they shouldn't be able to work
> normally when they come in the next day. Let alone refreshing
> (replacing) keys all around, just in case (is a somewhat easy / painless
> process).
>
Here's a quick tip that might make your key management easier. Rather
than copying/pasting/cutting the authorized_keys file, I create a keys
subdirectory where I store the keys I want to use, one key per file.
When a change is made, (deleting or adding a new key) I simply cat * >
../authorized_keys to refresh the file.
More information about the kwlug-disc
mailing list