Frage an Linux Fachleute.
Man kann ja einstellen, das ein Passwort für den Shell Zugang nach X -Tagen abläuft.

Gilt dies auch (also der Passwortablauf) wenn man sich über SSH-Authentifizierung mit Schlüsselpaaren auf dem System anmeldet?

Hierzu habe ich bisher keine Infos im Netz gefunden

#linux #ssh #keypair #password #access

every time i read a post or guide and it walks someone through creating an #openssh #keypair without a password on the private key i want to reach through my display and whack them upside the head and tell them to read the g-ddamned manpage for `ssh-agent` and `ssh-keygen` again.

i log this as a critical finding in my threat model workshops. using strong authentication in automation is a solved problem and has been before the first commit to openssh as far as i can remember.
#bestPractices

Yo, I'm trying to learn the nuances of #openpgp...

I've generated my #keypair, added an additional UID for a secondary E-mail, uploaded to a keyserver, and even setup some identity proofs using #keyoxide.

Question 1: When would one also add a UID for a *work* E-mail?

Question 2: How should one handle their *private* key across devices (personal laptop/smartphone/work laptop)?

#askfedi #gpg #pgp