Follow

Is there any point to rotating SSH keys but keeping the same passphrase on the new key that the user had on the old one? It *seems* like security theater, but I'm not sure I'm thinking about all threat models.

(And I certainly see a lot of recommendations about rotating keys that don't mention changing the passphrase at the same time. Including in @mwlucas's excellent SSH Mastery – which I just read and which inspired me to up my SSH security.)

@codesections @mwlucas it changes the hash calculation, so it is better than nothing as long as strong password rules are enforced and the user isn't using the same password for all their logins on other platforms with weaker security measures. It doesn't stop someone from bruteforcing, of course.

@Shitlord

> [SSH key rotation] changes the hash calculation

Is the threat model there someone who *doesn't* have access to the SSH private key and is attempting to access the resource secured by the SSH public key?

If so, I *guess* I see a minor benefit – it protects against a *very* long-shot attack, but I suppose that sort of attack is conceivable if a flaw in the hashing algorithm is discovered.

If that's not what you had in mind, I guess I didn't follow :D

@codesections that hash is generally the most exposed in any sort of sniffing situation. That's all I can think of.

What about keys without passphrase. If one of these get stolen, you'd still want to change it, right?

@codesections @mwlucas

@RefurioAnachro

> What about keys without passphrase. If one of these get stolen, you'd still want to change it, right?

Yeah, certainly. And I'm not *so* trusting of the passphrase that I'd hold off on rotating a key if I had reason to *think* a key had been stolen. What I'm asking about is routine key rotation without any reason to suspect anything.

There, regularly rotating keys that can't use passphrases makes perfect sense. But I'm not as sure about keys with passphrases

Passphrases are just weird, because when someone can steal your key, he is likely able to capture your passphrase as well. Unless, of course, if you make backups. Then a password seems reasonable.

Bah, it's all a game of odds. Trade the inconvenience for a tad more security? Or buy some hardware 2nd fa right away? And where's the usb armory I ordered to get kickstarted...

@codesections

@codesections I was gonna say "I'm not paid for that", but that's probably something like drunken driving. I'ma gonna rotate my keys and re-check my firewalls where I have them.

@codesections @mwlucas yeh it's worth it, there's operations to capture ssh priv keys so that sometine in the future they can decrypt streams that are captured.

@penguin42

>> Is there any point to rotating SSH keys but keeping the same passphrase on the new key that the user had on the old one?

> yeah it's worth it, there's operations to capture ssh priv keys so that sometime in the future they can decrypt streams that are captured.

That is a really good point and one I hadn't thought of in this context—thanks!

(I'd heard about those operations, but I'd only thought of it it terms of forward secrecy for email; I hadn't made the connection to SSH)

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.