1 comments

  • Bender 18 hours ago

    Good article. One thing I would add is that the public key carries just as much risk as the private key in the way they are used in SSH key trusts. Every public key added to authorized keys must be audited and tied back to a real person, otherwise anyone that can temporarily get root access can shim their public key into the authorized keys and get access later on, long after logs have rotated out. This mapping has to be done by a checksum of the public key, not the comment. Anyone can change a comment. I know people make the argument "well, if someone had root it's game over", but that is a bit disingenuous and incomplete as it pertains to how SSH implements identity, as there isn't one. Prosecuting someone requires forensics, and subtle changes to a system can mitigate the forensic process. Not managing identity attestation of public keys can get the wrong people thrown in prison or cost them a lot of money in lawyers. This is not a theory, I have witnessed this go horribly sideways.
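
The audit described in the comment above, as an added example that is not part of the comment or the article: each `authorized_keys` entry is mapped to an owner by the SHA256 fingerprint of the key blob (the form `ssh-keygen -l` prints), and the comment field is ignored. The sample keys, the `INVENTORY` owner record and all function names are constructed for illustration.

```python
import base64, hashlib, re, struct

KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)")

def fingerprint(blob):
    """SHA256 fingerprint of a raw key blob, as `ssh-keygen -l` prints it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_fingerprint(line):
    """Fingerprint of the key on one authorized_keys line, or None."""
    if line.lstrip().startswith("#"):
        return None
    for key_type, b64 in KEY_RE.findall(line):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # The blob carries its own length-prefixed type; requiring it to match
        # skips look-alike text inside options such as from="...".
        if len(blob) > 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == key_type.encode():
                return fingerprint(blob)
    return None

def audit(authorized_keys, inventory):
    """Return (line_no, fingerprint, owner); owner is None if unattributed."""
    rows = []
    for no, line in enumerate(authorized_keys.splitlines(), 1):
        fp = key_fingerprint(line)
        if fp:
            rows.append((no, fp, inventory.get(fp)))
    return rows

def _sample_line(seed, prefix="", comment=""):
    """Constructed ed25519-shaped test key (not a real credential)."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{prefix}ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()

ENROLLED = _sample_line(1, comment="old-laptop")
UNKNOWN = _sample_line(2, 'from="10.0.0.0/8",no-pty ', "alice@corp")  # copied comment
INVENTORY = {key_fingerprint(ENROLLED): "alice"}  # hypothetical owner record
SAMPLE = "# managed file\n" + ENROLLED + "\n" + UNKNOWN + "\n"

if __name__ == "__main__":
    for no, fp, owner in audit(SAMPLE, INVENTORY):
        print(no, fp, owner or "UNATTRIBUTED")
```

The second key is reported as unattributed even though its comment names a known user, and the first is attributed to its owner even though its comment does not.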