Hi, > Sure, ssh keys are much harder to compromise than passwords, but > _assuming a compromise has happened_ the consequences of using a single > key for everything are just as bad as using a single password for > everything. One ssh key per project doesn't make sense at all to me. They all would be on my laptop, and in case it gets compromised the attacker can easily snatch all the keys. One ssh key per machine makes alot more sense. For outgoing ssh connections from -- say -- shell.fedoraproject.org I wouldn't just copy my private key from my laptop but generate a new one, then add it to authorized_keys where needed. That does (a) limit the access to the machines really needed instead of allowing ssh to every machine I'm ssh'ing to from my laptop and (b) doesn't compromise the keys used on my laptop in case shell.fedoraproject.org is hacked. cheers, Gerd -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
