Re: TIPS FOR THE NEWCOMER
From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: Tue, 17 Jun 2003 13:48:33 -0400 To: "Zieg, Mark" <firstname.lastname@example.org>
On Tue, Jun 17, 2003 at 10:34:47AM -0400, Zieg, Mark wrote:
> > 1. This command created both a private and public keys. Will it be
> > advisable if I remove the id_rsa (private) from /home/servie and put in
> > a safe place such a floppy, just in case, in the event my user account
> > has been compromised?
> If your account gets compromised, then the hacker has your private key, and
> thus your keypair is compromised. Therefore, you wouldn't want to continue
> using your old private key, so there's no point in keeping a backup.
Check the paragraph again; Servie is saying that the floppy would be
used *instead* of ~/.ssh for storing the public key. I've heard of
other people using a USB storage keyring for similar purposes. The
tricky part here is making the access as convenient as possible (e.g.
automounting the removable device when ~/.ssh/id_rsa.pub is accessed,
possibly using a symlink, etc.).