by fweespee_ch
3754 days ago
I use ssh-agent and 1 key per computer. If a computer and/or key is compromised, well, I just nuke all the related keys. I don't understand the desire to manage a large number of keys since the attack surface is pretty clear: A) The machine is not compromised and the key is safe. B) The machine is compromised and the key should be replaced ASAP. C) As a byproduct this forces obsolescence of keys in the ~3-4 year timeframe and you really should be swapping out keys every so often anyway. This keeps you from ignoring this fact for a decade :p