Gdestuynder (talk | contribs) |
Line 213: | Line 213: | ||
== Key generation == | == Key generation == | ||
Large key sizes are used as SSH keys are not renewed very often (see also [[Security/Key_Management]]). | Large key sizes are used as SSH keys are not renewed very often (see also [[Security/Key_Management]]). | ||
Don't hesitate to create multiple different keys for different usages. | |||
<source code="bash"> | <source code="bash"> | ||
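Review bot: the added sentence "Don't hesitate to create multiple different keys for different usages." does not say what counts as a usage or how the keys are kept apart, and it sits directly above the bash block, so a reader will expect the commands there to show it. Suggest defining usage the same way the machine-key bullet in this change does ("different service, different script called, etc.") and noting that each key needs its own file name. "multiple different" can also be shortened to "separate".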
Line 232: | Line 234: | ||
* The recommended settings are identical to the user keys. | * The recommended settings are identical to the user keys. | ||
* The keys must be accessible only by the admin user (root) and/or the system user requiring access. | * The keys must be accessible only by the admin user (root) and/or the system user requiring access. | ||
Usage of machine keys should be registered in an inventory (a wiki page, ldap, an inventory database), to allow for rapid auditing of key usage across an infrastructure. | * Usage of machine keys should be registered in an inventory (a wiki page, ldap, an inventory database), to allow for rapid auditing of key usage across an infrastructure. | ||
* The machine keys should be unique per usage. Each new usage (different service, different script called, etc.) should use a new, different key. | |||
== SSH agent forwarding == | == SSH agent forwarding == |
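Review bot: the new bullet "The machine keys should be unique per usage." leaves open whether one key may be reused on several machines for the same usage; as worded, a single key shared by every host running the same script would comply. Suggest stating whether uniqueness is per usage and per machine, and having the inventory bullet record which usage each key belongs to so the two bullets support each other. The new bullet also uses "should" where the access bullet above it uses "must"; choose the strength deliberately.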