On 21/01/16 15:13, Peter Lebbing wrote: > On 21/01/16 15:47, Andrew Gallagher wrote: > >>> PS2: I can do the same with my authentication key, because if my key is >>> compromise, my SSH server don't know it ! Right? >> >> Yes. > > Let's talk about two separate issues: > > - If the smartcard breaks, you don't have access to the key anymore and > you need some alternative way of getting a new key authorized (the > normal way being to log in and add it to authorized_keys, but you can't > login with the old key anymore because the smartcard broke). > > - If your authentication subkey is /compromised/, you can still log in > to the SSH server, install a new key by editing authorized_keys, and at > the same time remove the old key from there. However, so can your > attacker. Having a key backup doesn't help against compromise.
Yes to all the above. I'd just point out that the same considerations apply to any lost vs. stolen authentication token (e.g. password). A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
