Reputation: 343
I would like to know if it is safe to store public and private keys on a public git repository. These keys are password protected.
I'm willing to do that in order to save my current Linux configuration. If it's not safe to do so, do you know a way to achieve my goal?
Regards
Upvotes: 11
Views: 15959
Reputation: 11
If it's software, it can be hacked, so with the right amount of time and patience anything can be brute-forced. Managing private keys should not be done in the cloud. A local key store encrypted with PGP with a passphrase and some simple scripts is the way I would do it.
Upvotes: 0
Reputation: 982
PKCS#12 password-protected keys (files *.pfx, *.p12) can be published if the password is strong enough that it cannot be brute-forced.
Upvotes: 0
Reputation: 8845
Private keys should stay private. Putting them on a public git repository is very paradoxical. Even if they have a passphrase they can be forcefully opened.
GitHub was just hacked so you should assume that everything you upload on GitHub is for everybody to see, even the private repositories.
You could save your Linux config on GitHub, but not the private keys. They must stay private (on your server, in your home folder). Take a look at this very helpful answer at serverfault.com:
Upvotes: 20
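A check to run over a configuration directory before pushing it, as an added example that is not part of any answer above: it finds private key material and reports whether each key carries a passphrase. The function names and the constructed sample key are assumptions made for illustration.

```python
import base64, re, struct, sys
from pathlib import Path

# PEM armor for private keys: OpenSSH, legacy RSA/EC/DSA, PKCS#8, PGP.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY(?: BLOCK)?)-----(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\0"   # first 15 bytes of a decoded OpenSSH key blob
# Constructed sample (not a real key): OpenSSH header declaring cipher "none".
_BLOB = base64.b64encode(MAGIC + struct.pack(">I", 4) + b"none")
SAMPLE = b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + _BLOB + b"\n-----END OPENSSH PRIVATE KEY-----\n"

def openssh_protected(body):
    """True/False from the cipher name that follows the magic; None if malformed."""
    try:
        raw = base64.b64decode(b"".join(body.split()))
        magic, n = struct.unpack_from(">15sI", raw)   # magic, then name length
    except Exception:                                 # truncated or bad base64
        return None
    return raw[19:19 + n] != b"none" if magic == MAGIC else None

def classify(data):
    """Return [(label, protected)]; protected is True, False or None (unknown)."""
    found = []
    for m in PEM_RE.finditer(data):
        label, body = m.group(1).decode(), m.group(2)
        if label == "OPENSSH PRIVATE KEY":
            protected = openssh_protected(body)
        elif label == "PGP PRIVATE KEY BLOCK":
            protected = None           # would need OpenPGP packet parsing
        else:                          # PKCS#8 label or legacy Proc-Type header
            protected = label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body
        found.append((label, protected))
    return found

def scan(root):   # walk root, skipping .git; returns (relative path, label, protected)
    hits = []
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root)
        if ".git" in rel.parts or not p.is_file():
            continue
        if p.suffix.lower() in {".pfx", ".p12"}:   # PKCS#12 is binary: flag by name
            hits.append((rel.as_posix(), "PKCS#12 container", None))
        else:
            hits += [(rel.as_posix(), l, s) for l, s in classify(p.read_bytes())]
    return hits

if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(*(f"{p}: {l}, passphrase-protected={s}" for p, l, s in hits), sep="\n")
    sys.exit(1 if hits else 0)
```

The exit status is non-zero when any key material is found, so the script can gate a push.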