Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Michael Babcock

Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Kirk Wolf
> It is not necessary to remove the "old keypair".

Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Alexander Huemer
When you think about renewal guidelines for SSH keypairs, the relevant question is: What do you want to protect yourself (or your org) against? If you account for the possibility that the private key itself gets into the wrong hands unknowingly, it boils down to the computational effort to make the

Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Rick Troth
Functionally, yes, but ... Best practice is to remove the public key of an "old" keypair from their authorized_keys file. The whole point about key rotation is to discard a key (or pair) that might have been compromised. If a key is reasonably* thought to be safe (uncompromised) there's NO

Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Lionel B. Dyck

Re: Replacing SSH Keys - best practices?

2023-05-23 Thread Allan Staller
Classification: Confidential

It is not necessary to remove the "old keypair". SSH will cycle through any available keys until it finds one that works. Theoretically, at some point this could become a performance bottleneck. In practical terms it seems to be a non-issue.

My USD $0.02 worth.