Adding SSH key after flashing

Hi,

Because of the posts in this topic, I’m not opening a new one. We’re discussing internally what’s the best practice for SSH keys. One SSH key or one per device. One SSH key is obviously easier for connecting to a device and just storing one SSH key. But per device has the benefit that when one SSH key is compromised, not all devices are compromised (although, when one is compromised, probably all of them are compromised, because they’re stored on the same storage). But as far as I know, it’s not possible to add SSH keys during runtime, apart from changing the /mnt/boot/config.json manually. Not automatically via a custom script, right?

And if we’re using just one SSH key, and for some reason it’s compromised, it’s also not possible to remove that SSH key from all of our devices and add a new one to them. The most important part is storing the SSH private key securely, but in case of disaster, we’d like to know what our options are.

FYI, we’re using openBalena for most of our devices.

Thanks in advance!