User talk:NetSysFire

From ArchWiki

Managing multiple keys

Hi, regarding this section of SSH keys - do we want to just remove the security references and only provide the info? I came to a similar conclusion when reading the attached links (which is why I made the edit): there may be a security-related benefit because it can affect how easy/fast revocation is, but it's not a no-brainer. I feel there's no point having an Accuracy template talking about a dispute if no dispute exists and we could just change it! Tme5 (talk) 20:13, 17 April 2021 (UTC)

I agree with that. I should have clarified that the security references should be removed. My bad.
About the revocation, this is certainly a trickier topic. As far as I know, ssh is not sandboxed, so if there is e.g. an RCE the attacker might be able to just (silently) steal all the keys from your machine, so you have to revoke every one of them regardless. But yes, this is probably out of scope for that article.
A relevant example for multiple keys is probably a smartcard, which is usually {ssh,gpg}-agent based. The last time I had to use both an ed25519 and an RSA key was when I needed to connect to a host running an ancient version of sshd (~2007), so maybe the example should be updated, too. But this should probably be discussed separately, especially since some smartcards only support RSA keys, but this is agent-based and should not matter.
-- NetSysFire (talk) 20:34, 17 April 2021 (UTC)