On 20 Mar 2024 12:17 +0100, from to...@tuxteam.de: >>> For ssh use I issue secret keys to each user and maintain matching public >>> keys in LDAP servers [...] > >> So the private keys aren't private, thereby invalidating a lot of >> assumptions inherent in public key cryptography. > > We are using that schema in our (small) company, too. Private keys > are definitely private here (we don't "issue keys" to anyone, everyone > uploads their *public* keys to the LDAP).
Right; I have no issues with _that_ part. It's the _issuing_ of a whole key pair that means that the private key _must_ have been accessible to someone else at some point. In a scheme where the key pair is generated by the user, the private key _may_ still be accessible to others (for example through administrator access), but that's a trade-off we always have to make when using a system administered by someone else; and it can be mitigated by e.g. storing the key on a SSH-capable Yubikey or in the TPM, along with a decent-strength passphrase. > Definitely. "Issuing keys" to people is a "crypto smell". I know, > it is being done far too often. People are too stupid to make their > key pairs, it is often said. But keeping people stupid is your > biggest security hole! Step 1: Open a terminal Step 2: Run this command: ssh-keygen -f ~/.ssh/my_key_<date> ... Step 3: Submit (through whatever means appropriate to the environment) the contents of ~/.ssh/my_key_<date>.pub; do not ever, no matter what anyone tells you, share the contents of ~/.ssh/my_key_<date> Step 4: Update ~/.ssh/config to indicate IdentityFile ~/.ssh/my_key_<date> It's not _that_ hard. I'm pretty sure pretty much anyone who can meaningfully use SSH to start with can figure that out. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”