-
Notifications
You must be signed in to change notification settings - Fork 0
/
take-care-of-your-ssh-keys.html
18 lines (17 loc) · 8.84 KB
/
take-care-of-your-ssh-keys.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<!DOCTYPE html><html lang="de-ch"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Take care of your SSH identities - Finecloud</title><meta name="description" content="Did you know that your ssh Client sends the server all your public keys, one by one, until the server accepts one, when you try to authenticate via public key? Don't believe me? Try it out yourself: ssh whoami.filippo.io Someone could use this to find…"><meta name="generator" content="Publii Open-Source CMS for Static Site"><link rel="stylesheet" href="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism-black.css"><link rel="canonical" href="https://www.finecloud.ch/take-care-of-your-ssh-keys.html"><link rel="alternate" type="application/atom+xml" href="https://www.finecloud.ch/feed.xml"><link rel="alternate" type="application/json" href="https://www.finecloud.ch/feed.json"><meta property="og:title" content="Take care of your SSH identities"><meta property="og:site_name" content="Finecloud"><meta property="og:description" content="Did you know that your ssh Client sends the server all your public keys, one by one, until the server accepts one, when you try to authenticate via public key? Don't believe me? Try it out yourself: ssh whoami.filippo.io Someone could use this to find…"><meta property="og:url" content="https://www.finecloud.ch/take-care-of-your-ssh-keys.html"><meta property="og:type" content="article"><link rel="shortcut icon" href="https://www.finecloud.ch/media/website/finecloud.png" type="image/png"><link rel="stylesheet" href="https://www.finecloud.ch/assets/css/style.css?v=39da73365516a098a9b73b721fc970e2"><script type="application/ld+json">{"@context":"http://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://www.finecloud.ch/take-care-of-your-ssh-keys.html"},"headline":"Take care of your SSH identities","datePublished":"2022-11-22T13:59","dateModified":"2022-11-22T15:37","description":"Did you know that your ssh Client sends the server all your public keys, one by one, until the server accepts one, when you try to authenticate via public key? Don't believe me? Try it out yourself: ssh whoami.filippo.io Someone could use this to find…","author":{"@type":"Person","name":"Finecloud","url":"https://www.finecloud.ch/authors/finecloud/"},"publisher":{"@type":"Organization","name":"Finecloud"}}</script><meta name="google-site-verification" content="seFY9U12uiEq5U3_MyZiX6XWzk0AVFl9zITr2ZKsytY"></head><body><div class="site-container"><header class="top" id="js-header"><a class="logo" href="https://www.finecloud.ch/">Finecloud</a><nav class="navbar js-navbar"><button class="navbar__toggle js-toggle" aria-label="Menu" aria-haspopup="true" aria-expanded="false"><span class="navbar__toggle-box"><span class="navbar__toggle-inner">Menu</span></span></button><ul class="navbar__menu"><li><a href="https://www.finecloud.ch/" target="_self">Blog</a></li><li><a href="https://www.finecloud.ch/tags/" target="_self">Tags</a></li></ul></nav><div class="search"><div class="search__overlay js-search-overlay"><div class="search__overlay-inner"><form action="https://www.finecloud.ch/search.html" class="search__form"><input class="search__input js-search-input" type="search" name="q" placeholder="search..." aria-label="search..." autofocus="autofocus"></form><button class="search__close js-search-close" aria-label="Close">Close</button></div></div><button class="search__btn js-search-btn" aria-label="Search"><svg role="presentation" focusable="false"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#search"/></svg></button></div></header><main><article class="post"><div class="hero"><figure class="hero__image hero__image--overlay"><img src="https://www.finecloud.ch/media/website/download.jpg" srcset="https://www.finecloud.ch/media/website/responsive/download-xs.jpg 300w, https://www.finecloud.ch/media/website/responsive/download-sm.jpg 480w, https://www.finecloud.ch/media/website/responsive/download-md.jpg 768w, https://www.finecloud.ch/media/website/responsive/download-lg.jpg 1024w, https://www.finecloud.ch/media/website/responsive/download-xl.jpg 1360w, https://www.finecloud.ch/media/website/responsive/download-2xl.jpg 1600w" sizes="100vw" loading="eager" alt=""></figure><header class="hero__content"><div class="wrapper"><div class="post__meta"><time datetime="2022-11-22T13:59">November 22, 2022</time></div><h1>Take care of your SSH identities</h1></div></header></div><div class="wrapper post__entry"><p>Did you know that your ssh Client sends the server all your public keys, one by one, until the server accepts one, when you try to authenticate via public key?</p><p>Don't believe me? Try it out yourself: </p><pre><code>ssh whoami.filippo.io</code></pre><p>Someone could use this to find out which public keys you have installed on your Client. You don't what this, don't you? So how can we avoid the leak of our Clients Public Keys? There is an easy fix, just add this at the end of your <code>~/.ssh/config</code> file:</p><pre><code>Host *</code><br><code> PubkeyAuthentication no</code><br><code> IdentitiesOnly yes</code></pre><p>Also make sure you don't use just one key for all connections. I hope don't use one password for all your logins - so why should you use one key for all your logins?</p><p>It is recommended to use one specific key for each host:</p><pre><code>Host github.com</code><br><code> PubkeyAuthentication yes</code><br><code> IdentityFile ~/.ssh/github_id_ed25519</code></pre><p> </p></div><footer class="wrapper post__footer"><p class="post__last-updated">This article was updated on November 22, 2022</p><ul class="post__tag"><li><a href="https://www.finecloud.ch/tags/bash/">bash</a></li><li><a href="https://www.finecloud.ch/tags/linux/">linux</a></li><li><a href="https://www.finecloud.ch/tags/network/">network</a></li><li><a href="https://www.finecloud.ch/tags/security/">security</a></li><li><a href="https://www.finecloud.ch/tags/shell/">shell</a></li><li><a href="https://www.finecloud.ch/tags/ssh/">ssh</a></li><li><a href="https://www.finecloud.ch/tags/tools/">tools</a></li></ul><div class="post__share"></div></footer></article><nav class="post__nav"><div class="post__nav-inner"><div class="post__nav-prev"><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-prev"/></svg> <a href="https://www.finecloud.ch/opnsense-backup-to-nextcloud.html" class="post__nav-link" rel="prev"><span>Previous</span> Backup OPNsense to Nextcloud</a></div><div class="post__nav-next"><a href="https://www.finecloud.ch/deploy-your-java-web-app-to-heroku.html" class="post__nav-link" rel="next"><span>Next</span> Deploy your Java Web App to Heroku </a><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-next"/></svg></div></div></nav><div class="post__related related"><div class="wrapper"><h2 class="h5 related__title">You should also read:</h2><article class="related__item"><div class="feed__meta"><time datetime="2024-09-13T17:23" class="feed__date">September 13, 2024</time></div><h3 class="h1"><a href="https://www.finecloud.ch/automatically-update-hidden-dependencies-in-your-dockerfiles.html">Automatically update the hidden dependencies in your Dockerfiles</a></h3></article><article class="related__item"><div class="feed__meta"><time datetime="2022-12-23T05:40" class="feed__date">Dezember 23, 2022</time></div><h3 class="h1"><a href="https://www.finecloud.ch/deploy-your-java-web-app-to-heroku.html">Deploy your Java Web App to Heroku</a></h3></article></div></div></main><footer class="footer"><div class="footer__copyright"><p>Powered by Publii</p></div><button onclick="backToTopFunction()" id="backToTop" class="footer__bttop" aria-label="Back to top" title="Back to top"><svg><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#toparrow"/></svg></button></footer></div><script>window.publiiThemeMenuConfig = {
mobileMenuMode: 'sidebar',
animationSpeed: 300,
submenuWidth: 'auto',
doubleClickTime: 500,
mobileMenuExpandableSubmenus: true,
relatedContainerForOverlayMenuSelector: '.top',
};</script><script defer="defer" src="https://www.finecloud.ch/assets/js/scripts.min.js?v=6ca8b60e6534a3888de1205e82df8528"></script><script>var images = document.querySelectorAll('img[loading]');
for (var i = 0; i < images.length; i++) {
if (images[i].complete) {
images[i].classList.add('is-loaded');
} else {
images[i].addEventListener('load', function () {
this.classList.add('is-loaded');
}, false);
}
}</script><script defer="defer" src="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism.js"></script></body></html>