Method to deprecate SSH key Pair locally
I've using my ssh-keys for a while. I'm thinking about to upgrade my ssh key pair to a stronger encryption and i dont know all devices where my keys are registered.
Is it posible to "deprecate" a SSH Key locally so, that I receive a warning if I authenticate with a deprecate SSH Key?
Solution 1:
I don't know of any way to do something like this, but I can see how it would be useful. What I'd be inclined to do is to stop adding the deprecated key to my SSH agent. That way, every time it gets used, I'll have to re-enter the passphrase. If it's something like, "ugh, another one to fix", then it'll remind me each time that I've got to go rotate my key on that machine, too.
Solution 2:
You can move the old ssh key to a non-default location (i.e., ~/.ssh/deprecated_id_rsa) and then create a new ssh key with your desired properties at ~/.ssh/id_rsa
That way you still have your deprecated key available if needed ssh -i ~/.ssh/deprecated_id_rsa ...
, but you will default to using your new key.