Treat SSH Keys Like Passwords and Police According...
If you think about it, passwords need to be managed just like SSH keys, and that involves three key requirements: The enforcement of complex or long passwords. Some level of enforcement around the rotation of passwords (we can argue the rotation interval can be argued another time). Controls around who has access to the password. Let’s cover each requirement in more detail. Point 1: Complex or lon...