On Fri, 15 Jul 2022 09:53:44 +0200, J. Roeleveld wrote:

> > There's no reason you cannot change SSH keys as regularly, and good
> > reasons why you should. It's just that people don't bother to do it.
>
> I agree, but that is a tedious process.
>
> I have multiple machines I use as desktop depending on where I am. And
> either I need to securely share the private keys between them or set up
> different keys per desktop.
> I assume the same is true for most people.

I don't share keys; each desktop/laptop has its own keys.

> Never mind that access to the servers needs to be possible for others
> as well.
>
> Either way, to do this automatically, all the desktop machines need to
> be powered and running while changing the keys.

Not if they use their own keys. It should be simple to script generating
a new key, then SSHing to a list of machines and replacing the old key
with the new one in authorized_keys.

> Changing passwords for servers and storing them in a password vault is
> easier to automate.

Indeed it is, and now you've found a way to do what you want with
passwords, all is well. However, I will look at scripting regular
replacements for SSH keys, for my own peace of mind.

-- 
Neil Bothwick

Mac screen message: "Like, dude, something went wrong."
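The rotation script Neil describes, written out as an added example (not code posted in this thread or by either participant). It assumes a hosts file with one user@host per line, the path of the current private key, and a replacement key already generated with ssh-keygen; all of those names are hypothetical. The new key is installed and proven to work before the old one is removed, so a failed push never locks you out.

```shell
#!/bin/sh
# Rotate the SSH key used to reach a list of hosts (added example, not from the thread).
# Assumptions (hypothetical): hosts are listed one per line as user@host in a file,
# the current private key is e.g. ~/.ssh/id_ed25519, and a fresh one has already
# been made with: ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519.new
set -eu

# rewrite_keys NEW_PUB [OLD_PUB]: filter for an authorized_keys file (stdin -> stdout).
# Drops every line carrying OLD_PUB's key material, drops any existing copy of
# NEW_PUB, then appends NEW_PUB once, so the result is the same however often it
# runs. Matching is on the base64 blob, so lines with options ("command=...")
# or a different comment are still recognised.
rewrite_keys() {
    new_blob=$(printf '%s\n' "$1" | awk '{ print $2 }')
    old_blob=$(printf '%s\n' "${2:-}" | awk '{ print $2 }')
    awk -v n="$new_blob" -v o="$old_blob" '
        { for (i = 1; i <= NF; i++) if ($i == n || (o != "" && $i == o)) next }
        { print }'
    printf '%s\n' "$1"
}

# rotate_host HOST OLD_KEY NEW_KEY: add NEW_KEY.pub next to the old key, prove
# NEW_KEY can log in, and only then remove the old key material.
rotate_host() {
    host=$1; old_key=$2; new_key=$3
    old_pub=$(cat "$old_key.pub"); new_pub=$(cat "$new_key.pub")
    ak='~/.ssh/authorized_keys'
    # -n keeps ssh from swallowing the stdin of the surrounding read loop;
    # the pull is captured first so a failed pull cannot push an empty file
    current=$(ssh -n -i "$old_key" -o IdentitiesOnly=yes "$host" "cat $ak")
    printf '%s\n' "$current" | rewrite_keys "$new_pub" |
        ssh -i "$old_key" -o IdentitiesOnly=yes "$host" "cat > $ak.new && cat $ak.new > $ak && rm $ak.new"
    # BatchMode turns a failed key login into an error instead of a password prompt
    ssh -n -i "$new_key" -o IdentitiesOnly=yes -o BatchMode=yes "$host" true
    current=$(ssh -n -i "$new_key" -o IdentitiesOnly=yes "$host" "cat $ak")
    printf '%s\n' "$current" | rewrite_keys "$new_pub" "$old_pub" |
        ssh -i "$new_key" -o IdentitiesOnly=yes "$host" "cat > $ak.new && cat $ak.new > $ak && rm $ak.new"
}

# rotate_all HOSTS_FILE OLD_KEY NEW_KEY
rotate_all() {
    while read -r host; do
        if [ -n "$host" ]; then rotate_host "$host" "$2" "$3"; fi
    done < "$1"
}

# Usage: sh rotate-ssh-key.sh hosts.txt ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.new
if [ $# -eq 3 ]; then
    rotate_all "$1" "$2" "$3"
fi
```

Once every host accepts the new key, move it into place locally (mv ~/.ssh/id_ed25519.new ~/.ssh/id_ed25519) and the old private key can be shredded.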