On Friday, 15 July 2022 09:29:14 CEST Neil Bothwick wrote:
> On Fri, 15 Jul 2022 09:15:02 +0200, J. Roeleveld wrote:
> > I prefer not to use SSH keys for this as they tend to exist for years
> > in my experience. And one unnoticed leak can open up a lot of systems.
> > This is why I use passwords. (passwords are long random strings that
> > are changed regularly)
> 
> There's no reason you cannot change SSH keys as regularly, and good
> reasons why you should. It's just that people don't bother to do it.

I agree, but that is a tedious process.

I have multiple machines I use as desktop depending on where I am. And either 
I need to securely share the private keys between them or set up different 
keys per desktop.
I assume the same is true for most people.

Never mind that access to the servers needs to be possible for others as well.

Either way, to do this automatically, all the desktop machines need to be 
powered and running while changing the keys.

Changing passwords for servers and storing them in a password vault is easier 
to automate.

--
Joost


