[28455] in North American Network Operators' Group

Re: ABOVE.NET SECURITY TRUTHS?

daemon@ATHENA.MIT.EDU (Mark Milhollan)
Sun Apr 30 21:42:06 2000

To: nanog@merit.edu
In-reply-to: <Pine.BSO.4.21.0004281457540.31198-100000@dqc.org> 
Date: Sun, 30 Apr 2000 18:38:55 -0700
Message-ID: <18732.957145135@ftel.net>
From: Mark Milhollan <mlm@ftel.net>
Errors-To: owner-nanog-outgoing@merit.edu


Chris Cappuccio writes:
>The ssh server should optimally generate new keys every so often (every few
>hours?)
>
>This generally takes a lot of CPU time, and on a 2501 it would probably take
>quite a while!!!

So let it.  There's usually no rush.  A low priority process that begins
generating a key immediately should have one ready by the time you'd
like it changed.

More problematic are the processing requirements of encryption and
decryption, and the memory overhead overall.

