On Thu, Oct 13, 2011 at 11:18 PM, Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:
> On Thu, Oct 13, 2011 at 10:55:59PM -0500, Callum Lerwick wrote:
>> On Thu, Oct 13, 2011 at 12:18 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
>> > On Thu, 2011-10-13 at 10:43 +0200, Gerd Hoffmann wrote:
>> >> One ssh key per machine makes a lot more sense. For outgoing ssh
>> >> connections from -- say -- shell.fedoraproject.org I wouldn't just copy
>> >> my private key from my laptop but generate a new one, then add it to
>> >> authorized_keys where needed.
>> >
>> > That's a sensible approach, sure.
>>
>> It's the only right way to do it. As a general rule, a private ssh key
>> should NEVER be transferred off the machine it was generated on. If
>> you have the same private key on more than one machine at a time,
>> you're Doing It Wrong.
>>
> Having the same private key on two machines may indeed be the wrong way to
> do things but it's questionable that the method described is truly the "only
> right way to do it". Is it worse to have any private keys (even one
> generated on that machine) on a shared server or to use an ssh-agent with
> your local credentials through the shared server?

It's the only right way to manage private keys on a given system.
Whether or not a given system should even HAVE private keys in use on
it at all is an orthogonal issue... :)