starred/ssh-sync
1
0
Fork 0
mirror of https://github.com/therealpaulgg/ssh-sync.git synced 2026-04-26 16:05:51 +03:00
Code Issues 8 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #79] Allow master key rotation #26

New issue
Open
opened 2026-02-28 01:16:53 +03:00 by kerem · 0 comments
kerem commented 2026-02-28 01:16:53 +03:00
Owner
Copy link

Originally created by @therealpaulgg on GitHub (Feb 22, 2026).
Original GitHub issue: https://github.com/therealpaulgg/ssh-sync/issues/79

There's a chance that master keys are not secure now due to the store now and decrypt later attack. We should enable users to be able to migrate their master keys.

The main thing to note is that the master key is the same value on each and every machine the user has in their control. There is no straightforward way to update all of these files at the same time.

Proposed scheme:

Assume the user has several machines (A, B, C, etc.) Any of these machines should be considered trusted.

One machine should be able to upload the master key to the server, stored in an encrypted fashion, to be downloaded later by the other clients.

We actually have each client's public key, so it should be possible for one machine to start a "migration" by doing the following:

  1. Generate new AES key
  2. Encrypt that AES key n times for each machine that exists, storing n copies of the master key on the server (each copy is encrypted with that n machine's public key)
  3. Machines can at their own leisure download this new master key

We'll need to update the database to store a new migrated master key column. Ideally this is not stored in the database long term, so maybe it would be useful to delete the data after a certain time period.

At minimum hybrid post quantum crypto should be implemented before this point so each machine that downloads can keep that key safe.

Originally created by @therealpaulgg on GitHub (Feb 22, 2026). Original GitHub issue: https://github.com/therealpaulgg/ssh-sync/issues/79 There's a chance that master keys are not secure now due to the store now and decrypt later attack. We should enable users to be able to migrate their master keys. The main thing to note is that the master key is the same value on each and every machine the user has in their control. There is no straightforward way to update all of these files at the same time. Proposed scheme: Assume the user has several machines (A, B, C, etc.) Any of these machines should be considered trusted. One machine should be able to upload the master key to the server, stored in an encrypted fashion, to be downloaded later by the other clients. We actually have each client's public key, so it should be possible for one machine to start a "migration" by doing the following: 1. Generate new AES key 2. Encrypt that AES key n times for each machine that exists, storing n copies of the master key on the server (each copy is encrypted with that n machine's public key) 3. Machines can at their own leisure download this new master key We'll need to update the database to store a new migrated master key column. Ideally this is not stored in the database long term, so maybe it would be useful to delete the data after a certain time period. At minimum hybrid post quantum crypto should be implemented before this point so each machine that downloads can keep that key safe.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
85-delete-config-entries
codex/add-ssh-sync-command
79-master-key-rotation
codex/add-periodic-sync-feature
codex/handle-ssh-config-edge-cases
claude/investigate-quantum-resistant-ssh-sync
claude/sync-known-hosts-011CUM6wmJ8dm18GzX6KL8FG
71-404-when-trying-to-delete-a-machine-from-a-user-profile
copilot/fix-36
copilot/fix-53
copilot/fix-25
codex/update-release-workflow-and-hosting-setup
codex/add-arm-support-and-package-publication-to-repository
codex/improve-syncing-of-known-hosts-file
config-management
51-25-key-management
unit-tests
v1.4.0
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.0
v0
v0.0.0
v0.3.8
v0.3.7
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.4
v0.2.3
v0.2.6
v0.2.5
v0.2.2
v0.2.1
v0.2.0
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
ai-generated

   
pull-request

Mirrored from GitHub Pull Request

No labels
ai-generated
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ssh-sync#26
No description provided.