@rzezeski Do you know the 'IdentityFile' config option?
@rzezeski cool.. might be what you are looking for. You can pin a particular key file to a particular host in the config
@peakscale Cool, I'll look at that. To be clear I'm looking for high-level articles discussing best practices.
@rzezeski @peakscale I have several blocks like this for each vpc I have to access. pic.twitter.com/USrjFTCbyr
@rzezeski @peakscale The only reason for the devnull/known host BAD practice in the ProxyCommand is because of volatility in nodes
@lusis @peakscale Do you know of resources going over all the best practices of key mgmt and ssh config?
@rzezeski ssh.config ?
@seancribbs I'm looking for general good practices around key management.
@rzezeski You can configure different keys per host in the client config file. Also helps with different usernames. http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/ …
@rzezeski For best practice, I would say KISS first. If you must store keys where others have access, then key per administration domain?
@rzezeski check out Vault from hashicorp
@rzezeski There's a general set of tradeoffs between convenience and security, and also crazy issues with ssh-agent + what keys get used.
@rzezeski second vote for Vault, works really well, even integration with Github authentication backend
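
An added example, not part of the thread: a small linter for an OpenSSH client config that flags two things raised in the replies above, host key checking switched off (including inside a ProxyCommand) and a per-host `IdentityFile` without `IdentitiesOnly yes`, in which case ssh-agent can still offer its other keys. The sample config is constructed; its host names and key paths are assumptions, since the config in the attached picture is not available.

```python
import re

# Constructed sample config (not from the thread); host names and paths are made up.
SAMPLE_CONFIG = """\
Host bastion-vpc1
    User ops
    IdentityFile ~/.ssh/vpc1_ed25519
    IdentitiesOnly yes

Host 10.1.*
    User ops
    IdentityFile ~/.ssh/vpc1_ed25519
    ProxyCommand ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p bastion-vpc1
"""

HOSTKEY_OFF = re.compile(
    r"(UserKnownHostsFile[ =]+/dev/null|StrictHostKeyChecking[ =]+no\b)", re.I)


def parse_blocks(text):
    """Split an ssh_config into (host_pattern, [(keyword, value), ...]) blocks."""
    blocks, current = [], ("*", [])   # options before the first Host apply to all
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if keyword.lower() == "host":
            blocks.append(current)
            current = (value, [])
        else:
            current[1].append((keyword.lower(), value))
    blocks.append(current)
    return [b for b in blocks if b[1]]


def lint(text):
    """Return (host_pattern, finding) tuples for the practices discussed above."""
    findings = []
    for host, opts in parse_blocks(text):
        keys = dict(opts)
        for kw, val in opts:
            if HOSTKEY_OFF.search(f"{kw} {val}"):
                findings.append((host, f"host key checking disabled in {kw}"))
        if "identityfile" in keys and keys.get("identitiesonly", "no").lower() != "yes":
            findings.append((host, "IdentityFile without IdentitiesOnly yes"))
    return findings
```

Running `lint(open(path).read())` over a real `~/.ssh/config` lists the blocks to review; `Match` blocks and `Include` files are not handled here.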
Ryan Zezeski
Tim Freeman
dadpool
Chris Siebenmann
Sean Cribbs
Kelly Sommers
Yonah Russ
Jacob loveless
Burt Macklin, FBI