
[LUG] SSH key management

 

Curious how folk manage this.

Most of the time life has been simple enough that I can manage it by the "Simon knows 
if the server was just reinstalled because Simon just reinstalled it" approach.

It relies on fallible humans, and it doesn't scale, and frankly wasn't THAT secure, 
but then it didn't have to be.

I know they can go in the DNS (although the DNS then ought to be cryptographically 
secured (probably not a problem - GoDaddy do it for a few dollars a month but not 
sure I'd want to use them for work stuff, but solutions exist here which are cheap 
and easy to do)). No sniggering about .GOV at the back.

But what is the preferred method for the more paranoid amongst you? 

My primary goal is to make a new key message, or a mismatching key message, rare 
enough that people will have time to stop and think when they see one, rather than 
just adding it, or removing a stale entry (you all know what I mean, even if you 
don't do it).

It isn't a high priority - so solutions have to be lightweight and not demand much 
of the users of ssh (hence the DNS being interesting).

 Simon
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
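
Added example, not part of Simon's post: the DNS option mentioned above is the SSHFP record type (RFC 4255), so this Python sketch builds the SHA-256 SSHFP record for a host key and checks an offered key against the published records. The host name `host.example`, the helper names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (IANA registry: RFC 4255, 6594, 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
FP_SHA256 = 2  # fingerprint type 2 = SHA-256 (RFC 6594)


def sshfp_record(hostname, pubkey_line):
    """Build the SHA-256 SSHFP record for one line of an OpenSSH .pub file."""
    key_type, b64_blob = pubkey_line.split()[:2]
    if key_type.startswith("ecdsa-sha2-"):
        alg = 3
    elif key_type in KEY_ALGS:
        alg = KEY_ALGS[key_type]
    else:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    blob = base64.b64decode(b64_blob, validate=True)
    # The fingerprint covers the raw key blob, not the base64 text.
    digest = hashlib.sha256(blob).hexdigest()
    return f"{hostname.rstrip('.')}. IN SSHFP {alg} {FP_SHA256} {digest}"


def key_matches_dns(hostname, offered_pubkey_line, published_records):
    """True only if the offered host key's record is among those published."""
    wanted = sshfp_record(hostname, offered_pubkey_line).lower()
    return any(" ".join(r.split()).lower() == wanted for r in published_records)


def make_ed25519_line(raw32):
    """Constructed sample: wrap 32 bytes in the ssh-ed25519 wire format."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample"


# Constructed keys and host name, not real hosts.
ORIGINAL = make_ed25519_line(bytes(range(32)))
REINSTALLED = make_ed25519_line(bytes(range(1, 33)))
ZONE = [sshfp_record("host.example", ORIGINAL)]

if __name__ == "__main__":
    print(ZONE[0])
    print("original key ok:   ", key_matches_dns("host.example", ORIGINAL, ZONE))
    print("reinstalled key ok:", key_matches_dns("host.example", REINSTALLED, ZONE))
```

On a real host, `ssh-keygen -r <hostname>` prints these records, and OpenSSH clients consult them when `VerifyHostKeyDNS` is enabled in ssh_config. With `VerifyHostKeyDNS yes` a matching key is trusted without a prompt only when the DNS answer is DNSSEC-validated, which is why the zone needs to be cryptographically secured.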