> > all credentials, personal information, and passwords given to
> > that machine should be unique to that machine.
>Does this mean you would have one key pair for each server you want to log
>into?
>Currently, I generate one key pair for each client I want to log from.
>Should I instead generate one key pair for each combination of client/server
>that I have if the server is not to be trusted?
When you say keypairs, do you mean RSA/DSA public/private keypairs?
If so, then no, it is not necessary to make different ones for each server,
since the server only ever gets the public part of it. As for making a
unique identity keypair for each trusted client you use, that is
fine because it's the more convenient way to do it.
What I meant was: if a machine is untrusted, then any information you give it
should be non-sensitive. Do not create an identity keypair on an untrusted
server. Do not use passwords that are also used on other machines/services.
It is okay to put your public key in your authorized_keys files on an
untrusted server, since public keys don't reveal anything sensitive.
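
One way to check the rule in the reply above on a given host, as an added example that is not part of the original message: list any file in an SSH directory that holds private key material, which on an untrusted server should be none. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an SSH directory for private key material.
# On an untrusted server the expected result is an empty list: only
# authorized_keys, known_hosts and *.pub files should be present.

# find_private_keys DIR (hypothetical helper)
# Prints the path of every regular file in DIR whose first line is a
# private-key header. Public keys and authorized_keys do not match.
find_private_keys() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        # Private key files start with a line such as
        # "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----".
        if head -n 1 "$f" 2>/dev/null | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# make_sample_dir (hypothetical helper)
# Builds a constructed ~/.ssh look-alike in a temp directory and prints its path.
# All file contents are placeholders, not real keys.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER user@laptop' > "$d/authorized_keys"
    printf '%s\n' 'ssh-rsa CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER user@server' > "$d/id_rsa.pub"
    {
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----'
        printf '%s\n' 'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY'
        printf '%s\n' '-----END RSA PRIVATE KEY-----'
    } > "$d/id_rsa"
    printf '%s\n' "$d"
}

# Demo on the constructed directory: only id_rsa is reported.
sample=$(make_sample_dir)
find_private_keys "$sample"
rm -rf "$sample"
```

To audit a real account, call `find_private_keys "$HOME/.ssh"` on the server in question.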