On Thu, Oct 13, 2011 at 10:55:59PM -0500, Callum Lerwick wrote: > On Thu, Oct 13, 2011 at 12:18 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > > On Thu, 2011-10-13 at 10:43 +0200, Gerd Hoffmann wrote: > >> One ssh key per machine makes alot more sense. For outgoing ssh > >> connections from -- say -- shell.fedoraproject.org I wouldn't just copy > >> my private key from my laptop but generate a new one, then add it to > >> authorized_keys where needed. > > > > That's a sensible approach, sure. > > Its the only right way to do it. As a general rule, a private ssh key > should NEVER be transferred off the machine it was generated on. If > you have the same private key on more than one machine at a time, > you're Doing It Wrong. > Having the same private key on two machines may indeed be the wrong way to do things but it's questionable that the method described is truly the "only right way to do it". Is it worse to have any private keys (even one generated on that machine) on a shared server or to use an ssh-agent with your local credentials through the shared shared server? -Toshio
Attachment:
pgp3WP9Tdup2Y.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
