Sunday, 18 January 2015

Single vs server specific ssh keys?



This question has a bit to do with procedure. Is it better for a person to have one single ssh key pair and share the public key where needed? Alternatively, is it better to have server-specific keys? Or maybe, less restrictively, have classes or rings of keys: one key for personal home servers, one for work, one for external stuff like GitHub.


The downside to one key everywhere is clearly that it allows you to be easily tracked and the same public key connects the dots between services. Revocation is swift but absolute. More finite control is had when you have a key pair per server, but it becomes much harder to manage. ssh breaks down when there are many ssh keys and you need to configure your .ssh/config file for each and every site to fix this. It's a lot of work.


So what are best practices?
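
The "rings of keys" layout described in the question, written out as a `~/.ssh/config` fragment. This is an added example, not part of the original post; the host names, user name and key file names are hypothetical. It uses `Host` patterns so that one stanza covers a whole class of servers, and `IdentitiesOnly` so that each server is offered only the key for its own ring.

```sshconfig
# Constructed example: host names, user name and key file names are hypothetical.
# ssh uses the first value it finds for each option, so the specific
# stanzas come first and the catch-all "Host *" comes last.

# Ring 1: personal home servers
Host *.home.example
    User alice
    IdentityFile ~/.ssh/id_ed25519_home
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes

# Ring 2: work servers
Host *.corp.example
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes

# Ring 3: external services
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_external
    IdentitiesOnly yes

# Everything else: offer only configured or default identity files,
# never the full set of agent keys.
Host *
    IdentitiesOnly yes
```

Without `IdentitiesOnly yes`, ssh offers every key held by the agent to each server in turn, which both exposes all the public keys to that server and can exhaust the server's authentication attempt limit before the right key is tried.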




