
Comment by saidinesh5

8 hours ago

Wow. Thanks for this. I haven't logged into Juice SSH in years, but I thought it had all my SSH keys backed up in the cloud.

I’d start rotating those keys ASAP… you’re one breach away from a security nightmare.

  • You should encrypt your SSH keys anyway, and you should encrypt anything sensitive you are backing up to a cloud.

    • Actually, you shouldn’t. You probably use an easy-to-remember password on SSH keys since you have to type them often, but that also means you’re storing one of your (let’s face it, the primary) passwords in a single file, readable to every executable you run under your account. And that means you’re one exfil away from not only getting your SSH keys compromised, but also allowing an attacker to run an offline decryption attack with unlimited attempts. This invariably leads to your main password getting compromised.

      Instead, set up SSH certificates, MFA, Yubikey, or TPM/Enclave storage for your private keys.

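The comment above argues that a passphrase-protected key file, once exfiltrated, is open to offline guessing with unlimited attempts. The script below is an added example, not code from any commenter or from JuiceSSH, that parses the unencrypted outer envelope of an OpenSSH private key (`openssh-key-v1` format) to show what an attacker holding the file gets for free: the cipher, the KDF, and the bcrypt round count, which is the only thing slowing each guess down. `build_sample_key` constructs a synthetic envelope around a dummy public key and random bytes so the script runs offline; such a blob cannot be used for SSH. The 64-round threshold in `assess` is an assumed local policy, not an OpenSSH default (`ssh-keygen` defaults to 16 rounds, raised with `-a`).

```python
"""Audit OpenSSH private key files: encrypted or not, which cipher/KDF,
how many bcrypt rounds. Added example, not code from the thread above."""
import base64
import os
import struct

PEM_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
PEM_FOOTER = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"


def _string(b: bytes) -> bytes:
    """Encode one SSH-wire 'string' (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    """Decode one SSH-wire 'string' at offset, returning (bytes, new offset)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + n], off + n


def parse_openssh_private_key(pem_text: str) -> dict:
    """Parse only the cleartext envelope of an OpenSSH private key.

    The encrypted private section is never touched; everything returned here
    is visible to anyone who copies the file, which is exactly the starting
    point for an offline passphrase-guessing attack.
    """
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("not an OpenSSH private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    off += 4  # uint32 number of keys; always 1 in files ssh-keygen writes
    pubkey, off = _read_string(blob, off)
    key_type, _ = _read_string(pubkey, 0)
    rounds, salt = None, b""
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt = string salt, uint32 rounds
        salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack(">I", kdfopts[o:o + 4])
    return {
        "cipher": cipher.decode(),
        "kdf": kdf.decode(),
        "rounds": rounds,
        "salt_len": len(salt),
        "key_type": key_type.decode(),
        "encrypted": cipher != b"none",
    }


def assess(info: dict, min_rounds: int = 64) -> str:
    """Classify a parsed key. min_rounds is an assumed policy, not a standard."""
    if not info["encrypted"]:
        return "UNENCRYPTED"          # file alone is the key; nothing to guess
    if info["kdf"] != "bcrypt" or info["rounds"] is None or info["rounds"] < min_rounds:
        return "WEAK_KDF"             # guessable at high rate by a thief
    return "OK"                       # each guess costs bcrypt_pbkdf(rounds)


def audit_file(path: str) -> str:
    """Audit a real key file, e.g. ~/.ssh/id_ed25519."""
    with open(path, encoding="ascii") as f:
        return assess(parse_openssh_private_key(f.read()))


def build_sample_key(cipher: str = "aes256-ctr", kdf: str = "bcrypt", rounds: int = 16) -> str:
    """CONSTRUCTED sample: a syntactically valid envelope around a dummy
    ssh-ed25519 public key and random bytes where the private section would
    be. Unusable for SSH; it exists only so this script runs offline."""
    pub = _string(b"ssh-ed25519") + _string(os.urandom(32))
    kdfopts = (_string(os.urandom(16)) + struct.pack(">I", rounds)) if kdf == "bcrypt" else b""
    blob = (MAGIC + _string(cipher.encode()) + _string(kdf.encode()) + _string(kdfopts)
            + struct.pack(">I", 1) + _string(pub) + _string(os.urandom(64)))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{PEM_HEADER}\n{body}\n{PEM_FOOTER}\n"


if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for p in sys.argv[1:]:
            print(p, audit_file(p))
    else:
        for args in (("none", "none", 0), ("aes256-ctr", "bcrypt", 16), ("aes256-ctr", "bcrypt", 128)):
            info = parse_openssh_private_key(build_sample_key(*args))
            print(args, "rounds=%s" % info["rounds"], assess(info))
```

Run it with no arguments to see the three constructed cases, or pass real key paths (`python audit.py ~/.ssh/id_*`) to check your own files. A key reported as `OK` still sits in a file every process under your account can read; raising `-a` only makes each offline guess cost more, which is why the comment recommends moving the private key into a YubiKey, TPM or enclave instead.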