Update and complete articles
This commit is contained in:
parent
656caa697d
commit
c3f23337a8
4 changed files with 60 additions and 26 deletions
|
|
@ -7,24 +7,17 @@ tags:
|
|||
- ssh
|
||||
---
|
||||
|
||||
I always have a different SSH key pair per machine. The aim is to really never
|
||||
copy my private key from a machine to another over network or USB stick.
|
||||
I always have a different SSH key pair per machine. The aim is to really never copy my private key from a machine to another over network or USB stick.
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Client keys
|
||||
|
||||
With this approch, if one of my host is compromised and/or my key could have
|
||||
been exposed, I have only to remove granted access to this key to host or
|
||||
services (OK, that can be painful to find such services), but I can continue to
|
||||
use other no-compromised keys to work.
|
||||
With this approach, if one of my host is compromised and/or my key could have been exposed, I have only to remove granted access to this key to host or services (OK, that can be painful to find such services), but I can continue to use other no-compromised keys to work.
|
||||
|
||||
As you can see on my [github](https://github.com/nemunaire.keys) account, I've
|
||||
registered several keys, because I don't work from the same machine every time.
|
||||
As you can see on my [github](https://github.com/nemunaire.keys) account, I've registered several keys, because I don't work from the same machine every time.
|
||||
|
||||
It can sometime be complicated to give me access to machine, but in most case,
|
||||
I tend to centralize most of my outgoing connections from a single host, which
|
||||
is in fact my home desktop: oupaout.
|
||||
It can sometime be complicated to give me access to machine, but in most case, I tend to centralize most of my outgoing connections from a single host, which is in fact my home desktop: oupaout.
|
||||
|
||||
Here is a list of my keys' md5 fingerprints:
|
||||
|
||||
|
|
@ -55,6 +48,11 @@ ssh-keygen -l -E md5 -f KEY_FILE
|
|||
```
|
||||
|
||||
|
||||
### Usign PGP
|
||||
|
||||
Sometime, I use my authentication PGP key as SSH key. Read the [related article]({{< relref "post/pgp_key.md#ssh-authentication" >}}) to view the public key.
|
||||
|
||||
|
||||
## Server keys
|
||||
|
||||
The `nemunai.re` domain, contains [SSHFP] records for each physical host. To avoid answering this message without further checks:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue