KS2011: Kernel.org report

Posted Oct 28, 2011 11:28 UTC (Fri) by corbet (editor, #1)
In reply to: KS2011: Kernel.org report by josh
Parent article: KS2011: Kernel.org report

Because a lot of existing keys were compromised and nobody wants to make guesses about which ones might be OK. SSH keys are cheap, why not replace them?

KS2011: Kernel.org report

Posted Oct 28, 2011 11:43 UTC (Fri) by josh (subscriber, #17465) [Link] (4 responses)

> SSH keys are cheap, why not replace them?

Replacing the SSH key doesn't seem crazy. However, maintaining a completely separate SSH key just for use on kernel.org causes quite a bit of additional complication and annoyance.

configure ssh identity by host

Posted Oct 28, 2011 17:16 UTC (Fri) by dmarti (subscriber, #11625) [Link] (3 responses)

You can always make a separate Host section in your .ssh/config with an IdentityFile line. Should then be used by everything that runs over ssh including git. (man ssh_config for more info)

configure ssh identity by host

Posted Oct 28, 2011 20:36 UTC (Fri) by nix (subscriber, #2304) [Link] (2 responses)

Does that work if you use an agent? Last time I tried, -i and IdentityFile were both ignored if an agent was in use.

configure ssh identity by host

Posted Oct 31, 2011 10:54 UTC (Mon) by mp (subscriber, #5615) [Link] (1 responses)

Even with IdentitiesOnly? Never tried it but looks like the option to set.

configure ssh identity by host

Posted Oct 31, 2011 17:50 UTC (Mon) by nix (subscriber, #2304) [Link]

I'm not sure that even existed in the fairly old version of OpenSSH I last encountered this problem in, five years ago. I should retest...