My ssh keys are oldMany times I had the Idea to replace them and cleanup. Put the approach feels old not intuitive and i’m affraid of problems.
How do you manage keys and get sure they do ot get to old.
My ssh keys are oldMany times I had the Idea to replace them and cleanup. Put the approach feels old not intuitive and i’m affraid of problems.
How do you manage keys and get sure they do ot get to old.
So what happens when the certificate expires? Do you get locked out if you don’t have physical access?
Like the other commenter said, they’re expiring regularly. Host keys expire ~monthly and there’s a cronjob to reach out to the certificate authority server to renew them. User certs expire ~daily and the first time I ssh on any given day I have to authenticate with the CA. Recently tied it to PocketID for SSO.
Sooo, CA unreachable means connection dead, which is a manageable risk. But giving a third party the authority over my SSH access sounds like a great way to make it convenient for state actors to invade my privacy.
Re-gen the keys. In this environment, you would have PKI setup and automation to handle cert renewal.
Having the certs expire is an advantage, security-wise. Auth will expire with certs, stolen creds can be instantly invalidated.