Linux
Welcome to c/linux!
Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!
Rules:
-
Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
-
Be respectful: Treat fellow community members with respect and courtesy.
-
Quality over quantity: Share informative and thought-provoking content.
-
No spam or self-promotion: Avoid excessive self-promotion or spamming.
-
No NSFW adult content
-
Follow general lemmy guidelines.
view the rest of the comments
In that case, it seems to me that the only threat is the mindless copying of public keys to other servers, as described in the article. But who does so? Do admins not create separate private-public keys for each server?
Thank you for the explanation!
No separate keys, use certificates with proper SSH-CA and you’ll never share a key again. It’s not a new thing.
Most don't create new keys per server machine but that's not the issue. I don't bother, I create a key per client machine on my side.
Server gets compromised once, admin logs in and fixes it, admin logs in next time and the backdoor compromises it again.
That's all this is. If you can get in once, it's a spot you can leave a backdoor that many admins will miss. That's it.
Admins don't generally copy that whole file around, they usually copy and paste the lines they want. Also I generally copy and paste it from my workstation, not another server.