i’m wondering how those of you in the community who use public/private keys to ssh back up your private keys. i’ve lost a few in the past due to dumb mistakes, and would like to keep this from happening again.
my current thought is to make a private note for each key in bitwarden. but i am curious what other folks are doing
my other current thought is a flash drive just for private keys, as kind of a cold storage solution
it looks like i can filter for SSH keys, but no specific vault item for them. i can just use a secure note as i’ve done for api keys though
i’ll probably go with the secure notes then since i don’t believe i have a flash drive i can dedicate to keys. though having both in the future is probably not a bad idea!
In most cases I think I could use an alternate method to get in, even if that means mounting the filesystem and putting in a new key. So I wouldn’t view it as a separate problem from the need for backups in general. Maybe there’s a specific case where you really can’t have downtime or an alternate way in?
with a vps i definitely could vnc in and use password login to replace the key as i’ve done that before.
this mainly comes from a concern born out of interest in pubnix/tilde servers. i have my key i use to login, but no other way to get in if it is lost other than to contact the staff to replace my key. so for those ones at least i feel a need to keep them somewhere safe
Rather than have a key for each remote host, I usually have a key for each local host. Rather than backing up a key for each remote host onto a flash drive or private note, I think I would add the public backup key to each remote host. (Assuming the pubnix permits me to append to ~/.ssh/authorized_keys)
this is a smart approach. i’m not sure what got me into making separate keys for each host i ssh into, but that is how i’ve just always done it i think. it shouldn’t be a problem to add a backup key so i’ll probably go about it that way
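The backup-key approach discussed above comes down to appending one extra public key to `~/.ssh/authorized_keys` on each host. As an added example (not from any poster in the thread), here is a shell function with the hypothetical name `add_backup_key`, meant to be run on the remote host while the existing key still works. It refuses private key files, skips keys that are already present, and keeps the permissions sshd expects.

```shell
# Added example: install a backup public key into authorized_keys, idempotently.
# Usage (on the remote host): add_backup_key backup.pub [path/to/authorized_keys]
add_backup_key() {
    pub_file=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}

    # Never copy a private key to a remote host by mistake.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 2
    fi

    # Take the first line that looks like an OpenSSH public key.
    types='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)'
    types="$types|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com"
    key_line=$(grep -E "^($types) [A-Za-z0-9+/=]+" "$pub_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "no public key found in $pub_file" >&2
        return 2
    fi

    # sshd ignores authorized_keys when the directory or file is too open.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Already installed: nothing to do.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # If the file lacks a trailing newline, add one so the new key
    # does not get glued onto the end of the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

After running it, confirm from a second terminal that the backup key actually logs in before closing the session that used the original key.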
for me i have a lot of different things to back up, which include a bunch of keys so i have a couple backups set up.
my current setup is an sd card doing daily backups with pika backup. it’s simple, pretty, encrypted, does reoccurring backups in the background, i think it’s cool, though i think it’s linux-only. pretty sure there are better alternatives for other platforms.
is it overkill to do daily backups? maybe, but it does include things that aren’t just ssh keys (other keys, some other small files i don’t want to lose). it’s almost always connected to my laptop (for automatic backups) so not much recovery against physical incidents (had enough digital incidents to accept a backup like this).
i also use the same app to back up my keys manually to an external hard drive, this one is the more safe spot, it’s huge and i use it for a lot of different things (mostly archiving random things i find), and decided to just throw a backup on it since it won’t make a dent in the storage and could help a lot in the future.
your two thoughts are pretty decent options! i only really encrypt the folder and store it somewhere locally. need to find an online backup but i haven’t settled on one yet…
kinda! they got it very recently, but it seems like it needs some more time so you ordinarily can’t use them yet. never actually tried it but it seems interesting.
also wanna bring up that 1password had this option for a while and i assume you were probably thinking of that instead, as it seems very popular and liked by people. i never tried it really so idk. i don’t think i’d benefit from remotely storing and using keys.
thank you for mentioning pika backup. i’ve been looking for something in terms of backup software for my linux system. i had been using timeshift previously but it is recommended not to back up the home folder with it. whereas it looks like pika backup is more focused on your personal data, such as what might be in your home folder