

Even if you have a password for your ssh key, malware on your system can just wait until you enter the password.
Sure, it’s just that from my point-of-view I’d be toast anyway if anyone managed to gain that level of access.


Even if you have a password for your ssh key, malware on your system can just wait until you enter the password.
Sure, it’s just that from my point-of-view I’d be toast anyway if anyone managed to gain that level of access.


[…] it can be a security risk, allowing malware to move “laterally” between all your devices.
Unless you do something incredibly stupid, such as allowing keyless login or sharing keys (or having unencrypted keys or keys without a passphrase, seriously), I find it hard to see how that would actually happen in practice.


I always have SSH everywhere on everything and I could never understand why anyone ever would want to make it more complicated than that.


Small former Gemeinschaftsanntenne in my town and surrounding villages,
Ah, I see, that really does sound like a few places I know in Graubünden that wouldn’t be all too unfair to call “godforsaken backwater” (when it comes to the internet), despite all their charm. 😉


My current provider doesn’t even support it…
In what kind of godforsaken backwater do ISPs that don’t support IPv6 still exist!?
Learn about DNS, it’s the glue that holds the internet together, any time you spend on learning more about DNS will quickly pay off. You probably already know that it’s what maps domain names to IP addresses and vice versa, but it can be used for loads of other useful things too.
(My own two favourite not well known but totally standardized really convenient things to use DNS for is to provide SSH host key fingerprints through DNSSEC and requesting letsencrypt certificates for host names without any webserver.)