Alex McKenzie <alex@boxchain.com> writes:
>>> If your key falls into the wrong hands, you've given that person
>>> passwordless access to your accounts.
>
> So audit all logins under that account, using that
> keypair. Periodically look at your message log and see what IPs at
> what times connected with it. You could even do fancy stuff like per
> account IP exclusions with ssh.

Why not just use a passphrase for keys you use interactively?
Or limit the capabilities of a keypair to a single task (for keys you
use in automated situations)?
Seems like less work than remembering to audit your logs.
Mark.
--
As long as you have mystery you have health; when you destroy mystery
you create morbidity. -- G.K. Chesterton
___________________
Nolug mailing list
nolug@nolug.org
Received on 07/21/03
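
The thread weighs auditing logins against restricting what each key may do. As an added example (not code from either poster), this sketch reviews an `authorized_keys` file and reports which keys lack OpenSSH's `from=`, `command=` and forwarding restrictions; the sample file, key blobs, hosts and paths are constructed placeholders.

```python
# Added example: review aid for authorized_keys restrictions (not from the thread).
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
HARDENING = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")

# Constructed sample; key blobs, hosts and paths are placeholders.
SAMPLE = r'''# ~backup/.ssh/authorized_keys
ssh-rsa AAAAEXAMPLE1 mark@laptop
from="192.0.2.10",command="/usr/local/bin/backup --push",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAEXAMPLE2 backup@cron
from="192.0.2.10,192.0.2.11",command="/usr/local/bin/mirror" ssh-dss AAAAEXAMPLE3 mirror@cron
'''

def parse_line(line):
    """Return (options dict, key type) for one non-comment authorized_keys line."""
    line = line.strip()
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return {}, line.split()[0]          # line has no options field
    opts, token, in_quotes, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quotes and ch == "\\" and line[i + 1:i + 2] == '"':
            token, i = token + '"', i + 2   # escaped quote inside a value
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in ", \t" and not in_quotes:
            name, _, value = token.partition("=")
            opts[name.lower()] = value
            token = ""
            if ch != ",":                   # unquoted whitespace ends the options
                break
        else:
            token += ch
        i += 1
    rest = line[i:].split()
    return opts, rest[0] if rest else ""

def audit(text):
    """Map line number -> list of restrictions the key on that line lacks."""
    findings = {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, _ = parse_line(raw)
        missing = [] if "from" in opts else ["from="]
        if "command" not in opts:
            missing.append("command=")
        if "restrict" not in opts:          # "restrict" disables forwarding and pty
            missing += [o for o in HARDENING if o not in opts]
        if missing:
            findings[n] = missing
    return findings

if __name__ == "__main__":
    for n, missing in audit(SAMPLE).items():
        print(f"line {n}: lacks {', '.join(missing)}")
```

A key used interactively will legitimately show up as lacking `command=`; whether it is protected by a passphrase is a property of the private key file and cannot be seen from `authorized_keys`.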
This archive was generated by hypermail 2.2.0 : 12/19/08 EST