[Cialug] ssh-agent and multiple keys
Zachary Kotlarek
zach at kotlarek.com
Fri May 16 18:10:22 CDT 2008
On May 16, 2008, at 5:04 PM, Jeff Chapin wrote:
> I am looking to use ssh-agent with a large number of hosts, with one
> key per host.
I agree, the default ssh-agent behavior is sometimes undesirable. It's
particularly annoying when you've set up an automated connection to use
a specific key using the config file or -i, but the agent key is
accepted first when you're testing interactively.
But I'm a little confused as to what you're trying to do. If you're
going to keep all your keys in the same place, and simultaneously
decrypted, why do you need so many keys? The only reason that comes to
my mind for having more than one key per role is to protect other
hosts when one is compromised, but if all your keys are available at
the same time in the same place an attacker could presumably steal the
lot of them as easily as a single key. What am I missing?
Zach
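
The behavior described in the message above, shown as an added example that is not part of the original post: an ssh_config fragment with one host left at the default next to one pinned to its own key with OpenSSH's IdentitiesOnly option. The host names, user names and key paths are constructed placeholders.

```sshconfig
# Constructed example: host names, users and key paths are placeholders.

# Default behavior: ssh also offers the keys held by ssh-agent and may
# try them before the IdentityFile named here, so an agent key can be
# accepted first and a long agent key list can use up the server's
# authentication attempts.
Host backup.example.org
    User backup
    IdentityFile ~/.ssh/id_backup

# Pinned: ssh offers only the IdentityFile configured for this host,
# even if ssh-agent holds more identities. If this key is loaded in
# the agent, the agent still performs the signing, so the passphrase
# is not prompted for again.
Host db1.example.org
    User deploy
    IdentityFile ~/.ssh/id_db1
    IdentitiesOnly yes
```

The same setting can be passed on the command line as `-o IdentitiesOnly=yes` together with `-i`; running `ssh -v` shows which keys are offered and in what order.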