The Homelab Show Episode 38: Managing SSH Keys

Comments
Dear Jay & Tom. Thank you so much for these videos & the videos on your own channels. I've just got my first paying client! You've both been an inspiration! :)

TheAyrrow
You guys should do a video on central SSH/user management for controlling SSH access to multiple servers. Ansible, Salt, and a few others have good infrastructure for doing this, but there might be some better "best practices".

stevenspaulding
Windows 10 and Windows 11 have OpenSSH built in, including the ssh agent. You need to enable it under services and will then be able to add your key to the agent.

jonathangardener
I use Vault for ssh keys and it is great. Relatively simple to set up, key lifetime of 24h… very secure setup. Just be sure to run Vault in HA mode, with integrated storage, no need to mess with Consul.

ioagel
Yeah, I got the Lucas book on Monday and read the first 70 pages last night. Apparently I'm doing things right on the server side, but now I've got to harden up my client configs and known_hosts files... 😉

ddEEE
For me, the way I manage the public keys (not sure if it's the best way) for my servers, including home, is from an internally hosted git repo that is read-only on a Nebula interface between the servers (also where I manage the firewall rules etc. to roll out from), and the server's key to the repo has only read access, so even if a server is compromised, an attacker wouldn't be able to add a key to the repo.

And I have a crontab that makes sure the authorized key file is kept up to date regularly and is also reloaded at every reboot, just in case of a compromise.

And on my PC I'm also managing it with an ssh config file, because that was actually the first way I learned to manage it on a client on Linux, and it has always worked for me.

tanjadk
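
One way the install step of such a cron job could work once the repo has been pulled, added here as an example and not the commenter's own script: it accepts only plain public-key lines and replaces authorized_keys atomically. The allowed key types, the function names and the sample key are assumptions constructed for illustration.

```python
import base64, binascii, os, struct, tempfile

# Assumption: site policy on which key types may be installed.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def check_line(line):
    """Return None for an acceptable plain public-key line, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "too few fields"
    keytype, blob = fields[0], fields[1]
    if keytype not in ALLOWED_TYPES:
        # Also rejects lines that begin with options such as command="...".
        return "unexpected key type or leading options"
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "key blob is not valid base64"
    # The blob starts with a length-prefixed copy of the key type name.
    if len(raw) < 4:
        return "key blob too short"
    (n,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + n] != keytype.encode():
        return "blob type does not match declared type"
    return None

def install(text, dest):
    """Replace dest only if every non-comment line passes; True on install."""
    lines = [l.strip() for l in text.splitlines()]
    keys = [l for l in lines if l and not l.startswith("#")]
    if not keys or any(check_line(k) for k in keys):
        return False  # keep the current file: no lockout, no junk lines
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(keys) + "\n")
    os.chmod(tmp, 0o600)
    os.replace(tmp, dest)  # atomic rename: sshd never reads a partial file
    return True

def sample_blob(keytype=b"ssh-ed25519"):
    """Constructed test blob (32 zero bytes), not a real key."""
    raw = struct.pack(">I", len(keytype)) + keytype + struct.pack(">I", 32) + bytes(32)
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    good = "ssh-ed25519 " + sample_blob() + " admin@laptop"  # constructed
    dest = os.path.join(tempfile.mkdtemp(), "authorized_keys")
    print(install(good + "\n", dest), install("ssh-rsa " + sample_blob(), dest))
```

Refusing the whole update when any line fails means an empty or corrupted checkout leaves the previous authorized_keys in place.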
I found that HA Vault was a pain to me.

SB-qmwg
How come that this episode is not available in podcast format?

davve