Startups, the OpenSSH bug makes your infrastructure as secure as the least secure hobby project/weekend hack/external site employees SSH to.
@patio11 Are you saying all ssh users should regenerate private keys? Are you saying create a unique public key for each box?
@patio11 I wish more startups used additional email/sms authentication to boxes instead of pasting my public key in `authorized_keys`
@patio11 Enforced unique key & periodic rotation are both good things, as is fast key revocation, given % of breaches caused by dev laptops.
@patio11 "Left laptop with root credentials unattended for several minutes & didn't lock it" is ample window for stealing keys.
@patio11 Why not just mandate `echo 'UseRoaming no' >> /etc/ssh/ssh_config`?
@patio11 Different keys is best practice but may not be enough here; you're betting that the ssh process never loads unneeded private keys.
@patio11 (Perhaps you're also including 'all your SSH keys must be encrypted', at which point ssh-agent is prob. a good additional mandate.)