This makes naming the key after both a) the user, admin (or process) and b) the host an almost mandatory step for key management, right? ps Sorry I keep coming back to Paul's seri on SSH for 5 years :)
Thanks for the question, Tukoz. Assigning and tracking owners or users of keys is critical in key management. This generally relates to naming. However, with SSH, the critical issue is who has access to the key or what it provides access to. For user private keys, it is critical to know who has access to the key. For user public keys, it is critical to know which account(s) the key provides access to (via authorized_keys files). That is why it is so important to regularly do an automated discovery of keys so that you know which clients (private keys) have access to server accounts (public keys). I hope this makes sense. I’m not saying your statement is wrong. Naming is important. But it is nuanced with SSH because of how closely keys are related to accounts and access.
This makes naming the key after both a) the user, admin (or process) and b) the host an almost mandatory step for key management, right?
ps Sorry I keep coming back to Paul's seri on SSH for 5 years :)
Thanks for the question, Tukoz. Assigning and tracking owners or users of keys is critical in key management. This generally relates to naming. However, with SSH, the critical issue is who has access to the key or what it provides access to. For user private keys, it is critical to know who has access to the key. For user public keys, it is critical to know which account(s) the key provides access to (via authorized_keys files). That is why it is so important to regularly do an automated discovery of keys so that you know which clients (private keys) have access to server accounts (public keys). I hope this makes sense. I’m not saying your statement is wrong. Naming is important. But it is nuanced with SSH because of how closely keys are related to accounts and access.
Nice explanation buddy. Especially on ssh tunnelling.
Thanks for the feedback, Harshil. I appreciate it.