All Linux and Unix servers are managed over ssh, either manually or by automation tools such as Ansible. For example, say you have a server at Linode or AWS. Then you copy your public ssh key to the remote cloud server. Once it is copied, you can log in to those servers without a password as long as the ssh keys match. Unfortunately, you are not protecting the ssh keys stored in the $HOME/.ssh/ directory on your local desktop or dev machine. If your keys are stolen, an attacker can get access to all of your cloud servers, including backup servers. To avoid this mess, we can protect the ssh keys stored on local dev/desktop machines using physical security keys such as YubiKey.
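An added example, not code from the original article: this Python script reads the header of each OpenSSH-format private key file in a directory such as `$HOME/.ssh/` and reports whether it is an unencrypted software key, a passphrase-encrypted one, or a FIDO security-key handle (key type beginning with `sk-`, the kind OpenSSH creates for devices such as a YubiKey). The function names are this example's own, and `constructed_sample` builds dummy containers that are not usable keys.

```python
import base64, struct
from pathlib import Path
MAGIC = b"openssh-key-v1\x00"
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

def _s(b):  # encode one SSH wire-format string
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Decode one SSH wire-format string (uint32 length + bytes) at off."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify(pem_text):
    """Return (key_type, cipher, verdict) from the unencrypted file header."""
    body = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    cipher, off = _read(blob, len(MAGIC))
    _, off = _read(blob, off)      # kdfname
    _, off = _read(blob, off)      # kdfoptions
    pub, _ = _read(blob, off + 4)  # skip uint32 key count, read public blob
    key_type, cipher = _read(pub, 0)[0].decode(), cipher.decode()
    if key_type.startswith("sk-"):
        verdict = "hardware-backed (FIDO security key handle)"
    elif cipher == "none":
        verdict = "software key, NO passphrase"
    else:
        verdict = "software key, passphrase-encrypted"
    return key_type, cipher, verdict

def audit(ssh_dir):
    """Map each OpenSSH-format private key file in ssh_dir to its classification."""
    found = {}
    for p in sorted(Path(ssh_dir).iterdir()):
        text = p.read_text(errors="replace") if p.is_file() else ""
        if BEGIN in text and END in text:  # legacy PEM keys are not covered
            found[p.name] = classify(text)
    return found

def constructed_sample(key_type, cipher):
    """Constructed container with dummy zero bytes, for demonstration only."""
    pub, kdf = _s(key_type.encode()) + _s(b"\x00" * 32), (b"none" if cipher == "none" else b"bcrypt")
    blob = MAGIC + _s(cipher.encode()) + _s(kdf) + _s(b"") + struct.pack(">I", 1) + _s(pub) + _s(b"\x00" * 64)
    return BEGIN + "\n" + base64.encodebytes(blob).decode() + END + "\n"

if __name__ == "__main__" and (Path.home() / ".ssh").is_dir():
    for name, (ktype, cipher, verdict) in audit(Path.home() / ".ssh").items():
        print(f"{name}: {ktype} [{cipher}] -> {verdict}")
```

Any file reported as "software key, NO passphrase" can be used by whoever copies it, which is the exposure described above.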