A little reply about the SSH keys
It would seem Thrig has responded to one of my posts, once more!
It's always nice to get mail
This goes doubly so for Gemlog replies.
This does not close existing connections; sshd takes pains to allow a daemon restart without nuking the existing sessions.
I think this is a case of me assuming instead of knowing. I will use a quote that says it best:
take the time to learn about what you're running and don't take too many shortcuts.
Fixing an annoying postgres issue
I will definitely read up on how to shed connections from SSHD. 😂
Or maybe an attacker has found an old key from an old backup;
With my new way of doing things, there are no backups to be had. If a device is known to be lost or compromised, another device is used to remove its pubkey from all services.
This still leaves unknown compromises as a risk, but a very small one: they would still have to get or figure out the individual passphrase, which is not backed up or stored anywhere.
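The "remove the pubkey from all services" step above, as an added example that is not part of the original post: a small POSIX sh helper that drops a key from an authorized_keys file by comparing the key material itself, so a renamed comment or an options prefix on the line does not let the key slip through. The file contents and key blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: revoke one public key from an authorized_keys file.
# Assumes POSIX sh, awk and mktemp. Key material is matched exactly, so
# lines with options (command="...",no-pty ssh-ed25519 AAAA...) are found too.

# revoke_pubkey FILE PUBKEY_LINE
# Removes every line of FILE whose key material equals that of PUBKEY_LINE.
revoke_pubkey() {
  file="$1"
  # OpenSSH key blobs always begin with "AAAA" (base64 of the length prefix).
  blob=$(printf '%s\n' "$2" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }')
  [ -n "$blob" ] || { echo "no key material found in: $2" >&2; return 1; }
  tmp="$file.tmp.$$"
  # Compare every field, not just field 2, so option-prefixed lines match.
  awk -v blob="$blob" '{ keep = 1; for (i = 1; i <= NF; i++) if ($i == blob) keep = 0 } keep' \
    "$file" > "$tmp" && mv "$tmp" "$file"
}

# count_keys FILE: number of lines that are neither blank nor comments.
count_keys() {
  grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# Constructed sample authorized_keys (placeholder key material, not real keys).
make_sample() {
  cat > "$1" <<'EOF'
# laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyLaptop user@laptop
command="/usr/bin/backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBackup backup@nas
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQExampleKeyDesk user@desktop
EOF
}

# demo: revoke the backup key (the option-prefixed line, given here with a
# different comment) and report how many keys are left and whether it is gone.
demo() {
  f=$(mktemp)
  make_sample "$f"
  revoke_pubkey "$f" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBackup renamed-comment"
  left=$(count_keys "$f")
  if grep -q ExampleKeyBackup "$f"; then gone=no; else gone=yes; fi
  rm -f "$f"
  echo "$left $gone"
}

demo   # prints "2 yes"
```

Run it against each host's ~/.ssh/authorized_keys (and any other service holding the key) from the device you still trust.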
A few questions
Is forward secrecy involved?
No, I abandoned that a long while ago. While it is handy, it's a pain to set up and, as I found out, it leads to bad SSH hygiene.
is someone saving all your encrypted traffic?
Most likely not, but even so, most of what they would find is a lot of generic commands, and if they managed to get that far, they could just access the server.
do you remember how to generate and rotate the keys?
Generation is written down (and best practice is checked on renewal). I do not see much use in rotation, as per my previous post; like I mentioned, it prevents an extremely rare occurrence. If one wanted access to the server, at this point it would be easier to get into any other service running on the system.
fancy new keystore thing to try out?
I feel this would be adding to the liability?
maybe favor Ed25519?
I would, but it isn't as widely supported yet, and RSA 4096 is, at least for now, good enough. 😂
Non-SSH musings on debate
I am a horrible hog for a good debate and will, as a toxic trait, sometimes even drag people unwillingly into one.
It is a fault of mine, but I do enjoy a good debate and feel like it makes us better as a species.
Voicing our opinions, dreams and ideas is how we become more than the sum of ourselves, even or maybe especially when we aren't aligned.
Created 2024-10-05 - Updated 2024-10-09