Do ssh keys expire? -- was -- Re: Looking for a working example of sshd_config setup file

Robert Moskowitz rgm at htt-consult.com
Tue Aug 19 12:28:21 UTC 2025



On 8/19/25 6:06 AM, Jeffrey Walton wrote:
>
>
> On Tue, Aug 19, 2025 at 4:36 AM David Fletcher <dave at thefletchers.net> 
> wrote:
>
>     [...]
>
>     I just want to ask a question because I've been watching this
>     thread,...
>
>     Question - Will I at some time need to create new keys? My id_rsa and
>     id_rsa.pub files are dated 2007-12-29.
>
>
> The only time you should rotate a key or a password is if you believe 
> the key or password has been compromised or have evidence it was 
> compromised. That's because Key Continuity is a better security 
> property than gratuitous Key Rotation based on the tasseomancer 
> reading tea leaves.

Not entirely true as there *IS* a lifetime to a key based on how much 
data was encrypted with the key and *IF* the attacker had all that data, 
could deduce the key.  For AES128 those 100Gb pipes across the Pacific 
(LA to Tokyo) running 802.1AE exhaust the key entropy before the first 
byte reaches the other end.  So we had to implement a key hierarchy in 
1AE for such use cases.

For RSA512 *IF* you encrypt data, not just keys, you can hit the 
limit.  And this is why practically ALL the pictures showing how RSA 
works are wrong; like for 30 years!  We avoid encrypting data with RSA, 
but encrypt a symmetric key that is used to encrypt the data.

For EC128, this entropy limit is rather high and you do not need to be 
concerned with it.  Our algorithms that use them for data signing take 
this into account.

Key and random number entropy is a tricky thing and there are LOTS of 
papers about it.

>
> In fact, the StrictHostKeyChecking _is_ key continuity scheme used in 
> SSH. StrictHostKeyChecking is based on an early experiment called 
> Perspectives in SSH, if I recall correctly.
>
> If you ask the tasseomancer where he or she came up with the 2 years 
> public key rotation or the 90 days password rotation, they will not be 
> able to give you a science-based answer. They will basically pull it 
> out of their ass in what Peter Gutmann calls "crypto-numerology".

Again, not actually true.  We CAN calculate entropy exhaustion. Thus we 
CAN calculate an endpoint for using a key.  The fun part is how you 
measure this in the real world (those trans-ocean pipes are the easy 
case)!  And for this the opinions are all over the map; I am as much a 
contributor to the noise as others.

>
> For detailed reading on key continuity and failed password policies, 
> see Peter Gutmann's Engineering Security, 
> <https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>.

One of the good guys!

>
> Jeff
>
More information about the ubuntu-users mailing list