this post was submitted on 28 Apr 2024
1 points (100.0% liked)
Security
5014 readers
1 users here now
Confidentiality Integrity Availability
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Accepting ssh key fingerprints on first ssh is a bad practice. Ssh ca’s and or sshfp are around and have been for decades. Accepting random host keys is like trusting random self signed ssl certificates.
Use ssh ca’s for user and host keys so you can revoke and rekey hosts without having to update authorized keys. And then you can revoke access to hosts for users as well and much more.