On Jan 27, 2008 5:11 PM, James G. Sack (jim) <[EMAIL PROTECTED]> wrote:
> Brad Beyenhof wrote:
> > I've just started getting into using DSA keys for SSH authentication
> > (instead of passwords).
> >
> > What is the common practice for private keys? Do I create a separate
> > one for each computer/username I use, or should I sneakernet the same
> > id_dsa pair around and use the same keys all the time?
>
> I think one guiding principle is that you don't really want your private
> key to go anywhere out of your control.
>
> I haven't done this myself (yet), but I think TR may have put his
> private key on a flash drive.

That's what I meant by sneakernet... carry it around physically (data
transmission "over" your sneakers).

> Mine is on my main desktop computer only.
> Tracy's practice sounds better! If you do that, then one key := one
> person rather than one computer/person.

The only thing I'm unsure of in this scenario is that the
initially-generated public key contains the <[EMAIL PROTECTED]> of the
machine/account in which you created it. Can this part be left off in
the server's authorized_keys to allow key-based access to any machine?

--
Brad Beyenhof
http://augmentedfourth.com
The history of popular music is littered with great partnerships.
Rodgers had his Hammerstein, Lennon had his McCartney, and Lloyd Webber
had... his photocopier...
~Humphrey Lyttleton
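An added example, not part of the original thread: in the OpenSSH public key format the trailing user@host text is a free-form comment, and the key is identified by its base64 data alone, so a line with and without the comment yields the same fingerprint. The key data, the address `brad@desktop.example` and the function names below are constructed for illustration (not a real key), and only the plain `keytype base64 [comment]` form without a leading options field is handled.

```python
import base64
import hashlib
import struct


def parse_public_key_line(line):
    """Split one id_dsa.pub / authorized_keys line into (keytype, blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("need at least a key type and base64 key data")
    keytype, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key data too short")
    # The binary key data begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != keytype:
        raise ValueError("key type does not match key data")
    return keytype, blob, comment


def fingerprint(blob):
    """SHA256 fingerprint of the key data, in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(line_a, line_b):
    """True when two lines carry identical key data, whatever their comments."""
    return parse_public_key_line(line_a)[1] == parse_public_key_line(line_b)[1]


def _constructed_blob(keytype, filler):
    # Constructed stand-in for real key material: type string plus one field.
    t = keytype.encode("ascii")
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(filler)) + filler


SAMPLE_B64 = base64.b64encode(_constructed_blob("ssh-dss", bytes(range(40)))).decode()
WITH_COMMENT = "ssh-dss " + SAMPLE_B64 + " brad@desktop.example"
WITHOUT_COMMENT = "ssh-dss " + SAMPLE_B64

if __name__ == "__main__":
    for line in (WITH_COMMENT, WITHOUT_COMMENT):
        keytype, blob, comment = parse_public_key_line(line)
        print(keytype, fingerprint(blob), repr(comment))
```

Because the comment can be edited freely by whoever writes the file, an audit of authorized_keys should match entries by fingerprint rather than by the user@host label.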
