Comment on What is the best strategy to refresh ssh keys?
Anekdoteles@feddit.org 2 days ago
Wouldn’t automation based on your approach be really easy? Like correct me if I’m wrong, but I assume you just need a cron job executing ssh-keygen on your localhost, adding the new pub to ansible, rolling out and removing the old, right?
solrize@lemmy.ml 1 day ago
It’s possible but I haven’t felt the need, and it’s another thing that can go wrong. If I think my key may have been compromised I have much bigger problems. I should assume my whole machine is pwned and trojan’d, so I should replace the disk and reinstall everything.
I can see some benefit in using a special token to hold the key instead of just generating it on my laptop. One of these days.
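The rotation steps outlined in the first comment (generate, roll out, remove the old key), written as an added shell example that is not from either commenter; it edits an `authorized_keys` file directly where the thread would use Ansible for the rollout. All paths, hosts and function names are hypothetical, and the old key is only removed once the new one is confirmed installed.

```sh
#!/bin/sh
# Added example: staged SSH key rotation. All paths, hosts and names are hypothetical.

# Create a new ed25519 key pair. Empty passphrase is an assumption made
# because an unattended cron job cannot type one.
gen_key() {  # $1 = private key path
    ssh-keygen -q -t ed25519 -N "" -C "rotated-$(date +%Y%m%d)" -f "$1"
}

# Reduce a public key line to "type base64", dropping the comment field.
key_body() {  # $1 = public key line as found in a .pub file
    printf '%s\n' "$1" | awk '{print $1 " " $2}'
}

# Install a public key in an authorized_keys file; idempotent.
add_key() {  # $1 = authorized_keys file, $2 = public key line
    body=$(key_body "$2")
    grep -qF -- "$body" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Confirm the new key really logs in before anything is removed.
verify_login() {  # $1 = private key path, $2 = user@host
    ssh -i "$1" -o BatchMode=yes -o IdentitiesOnly=yes "$2" true
}

# Remove the old key, refusing if the new one is not installed yet.
retire_key() {  # $1 = authorized_keys file, $2 = old pub line, $3 = new pub line
    old=$(key_body "$2")
    new=$(key_body "$3")
    if [ "$old" = "$new" ]; then return 0; fi
    if ! grep -qF -- "$new" "$1"; then
        echo "new key not installed, keeping old key" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    grep -vF -- "$old" "$1" > "$tmp"
    cat "$tmp" > "$1"   # overwrite in place so mode and owner are kept
    rm -f "$tmp"
}
```

The intended order is `gen_key`, `add_key` on every host, `verify_login`, and only then `retire_key`, so a failed rollout never leaves a host with no working key.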