Re: Changing keys



Chuck wrote:
Much ado is made these days about changing passwords on a regular
basis. Something to do with Sarbox I think. What about changing
keypairs? Is there any real benefit to trashing old keys and
generating new ones every few months? Normally I just use a strong
passphrase and change it on my private key at the same time I change
other passwords, but I was wondering what opinions others have on the
subject.

Strong passphrases can be keystroke sniffed on rootkit-ed boxes, and private
and public keys stolen by various means, including setups where people put
them on NFS shares, improperly secured boxes, etc. So there is some use to
doing this in a really secure environment.

In such environments, I've tended to use ssh-agent for the "active" key and
to store a deprecated key or two as needed, for targets that didn't get the
most recent update of the public key.
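The two-phase rotation the reply describes (deploy the new key everywhere, keep the old one loadable until every target has it, then retire it) can be scripted. The following is an added example, not code from the thread; it works on one authorized_keys file on local disk (in practice you would run the same functions on each target over ssh), and the two key strings are constructed placeholders, not real key material.

```sh
#!/bin/sh
# Added example: the rotation step from the reply, applied to one authorized_keys file.
# Phase 1: add the new key on every target. Phase 2: once all targets accept it,
# retire the old key. Between the phases both keys are valid, which is the window
# the reply covers by keeping a "deprecated" key or two loadable in ssh-agent.

# Constructed sample keys: the blobs are placeholders, not real key material.
OLD_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOldKeyPlaceholderNotRealMaterial00000000 chuck@laptop-2005'
NEW_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINewKeyPlaceholderNotRealMaterial00000000 chuck@laptop-2006'

# key_present FILE "TYPE BLOB [COMMENT]"
# Matches on key type and base64 blob only, so a changed comment or an options
# prefix (from="...", command="...") in front of the entry does not hide a key.
key_present() {
  awk -v key="$2" '
    BEGIN { split(key, k, " "); t = k[1]; b = k[2] }
    { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
    END { exit !found }' "$1"
}

# add_key FILE KEY: append the key unless an equivalent entry already exists.
add_key() {
  if key_present "$1" "$2"; then
    return 0
  fi
  printf '%s\n' "$2" >> "$1"
  chmod 600 "$1"
}

# retire_key FILE KEY: drop every line carrying the key's type+blob, keep the rest.
# Run this only after every target accepts the new key, or you lock yourself out.
retire_key() {
  tmp="$1.rotate.$$"
  awk -v key="$2" '
    BEGIN { split(key, k, " "); t = k[1]; b = k[2] }
    { keep = 1; for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) keep = 0 }
    keep { print }' "$1" > "$tmp" && mv "$tmp" "$1"
  chmod 600 "$1"
}

# count_keys FILE: number of non-empty, non-comment entries, for a sanity check.
count_keys() {
  grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Demo on a throwaway file standing in for one target that only knows the old key.
demo_rotation() {
  dir=$(mktemp -d)
  f="$dir/authorized_keys"
  printf '%s\n' "$OLD_KEY" > "$f"
  add_key "$f" "$NEW_KEY"                 # phase 1: both keys accepted
  echo "after deploy: $(count_keys "$f") key(s)"
  retire_key "$f" "$OLD_KEY"              # phase 2: only the new key remains
  echo "after retire: $(count_keys "$f") key(s)"
  rm -rf "$dir"
}
demo_rotation
```

On the client side the agent half is just `ssh-add` of the new private key; the old private key stays on disk (and loadable) until `retire_key` has run on the last target, after which it can be deleted. Matching on type and blob rather than the whole line matters because a target's administrator may have added a `from=` or `command=` restriction in front of the entry; a plain string comparison would miss it and leave the old key accepted.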
