Mailing List Archive



Re: [tlug] rsync ssh error



Darren Cook writes:

 > The OP is using this ssh key for backups across their 192.168.*.*
 > network. Is an attacker who *already has access to the LAN*, going
 > to spend $50K on hacking your ssh key?

Probably not.  On the other hand, depending on the amount of
automation involved, it's mostly just a matter of the user(s) typing
'y' once per key used in logging in.  So the cost of changing could be
as low as a few minutes to generate a high-quality host key-pair, one
login, and one 'y'.  We know that cost will only get cheaper over
time.

Of course if you have many scripts spread across a lot of hosts and
each one has its own known-hosts file, the PITA factor goes way up,
especially if (as in the case of timely backups) it's a potentially
existential threat if the script fails.

 > Not a rhetorical question; if you are a prominent politician/
 > celebrity, and if there are other users on the LAN (*), then maybe
 > your secrets are worth that.

Of course, it's also possible that somebody has already reduced the
cost to $5 and the 90 day grace period ends tomorrow. :-)

Steve

