security of ssh keys

Posted: 2019/01/13 12:38:25
by KernelOops
Hello everyone,

I've reached a point where my ~/.ssh/ is full of important keys that give access to well over 50 servers with various stages of access. Almost all the keys have passwords, except for a few that give access to test VMs of no consequence. In addition, the partition is LUKS encrypted.

Apart from password protecting the keys, is there an additional layer of security? Like saving the keys on another system and requesting them one-by-one, or maybe an encrypted loopback device?

What are your suggestions? Does everyone leave them at ~/.ssh/?

Thank you.

There is a Linux rootkit going around that spreads itself by reading the ~/.ssh/known_hosts file and using that to auto-connect to remote systems.
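
Added example, not part of the original thread: a small audit of the two things discussed above, namely which private keys in an SSH directory have no passphrase and which known_hosts entries are stored in clear text rather than in OpenSSH's hashed `|1|salt|hash` form. The function names and the sample data are constructed for illustration; the key check reads only the key file's header and never needs the passphrase.

```python
import base64, struct, sys
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # prefix of the decoded OpenSSH private-key blob

def key_is_encrypted(text):
    """True/False for a private key file's text; None if it is not a recognised key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            return None
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])  # length-prefixed cipher name
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def unhashed_hosts(text):
    """Host fields of known_hosts entries stored in clear text (not '|1|salt|hash')."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):
            found.append(fields[0])
    return found

def sample_key(cipher):
    """Constructed header-only OpenSSH key blob, for demonstration (not a usable key)."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE_KNOWN_HOSTS = (  # constructed entries
    "|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAC3constructed\n"
    "build01.example.net,192.0.2.10 ssh-ed25519 AAAAC3constructed\n")

if __name__ == "__main__":
    ssh_dir = Path(sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".ssh")
    for p in sorted(ssh_dir.iterdir()):
        if p.is_file() and key_is_encrypted(p.read_text(errors="replace")) is False:
            print("no passphrase:", p)
    kh = ssh_dir / "known_hosts"
    if kh.exists():
        print("clear-text known_hosts entries:", len(unhashed_hosts(kh.read_text())))
```

Clear-text entries can be converted in place with `ssh-keygen -H`, and `HashKnownHosts yes` in ssh_config makes new entries hashed.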