We're deploying some IoT devices at work, and I think we're going to be assigning an SSH key to each device and then storing their public key so that we decrypt their traffic.
The private key never leaves the device, and I don't think public keys are secrets. However, I'm not 100% sure that's okay.
Can someone provide insight into the problems (security or otherwise) with this approach?
Best Answer
What are the sizes of the keys? If your RSA keys are not at least 4096 bits, they are at risk of being reversed, and your private keys revealed.
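To answer the key-size question for a stored inventory of device public keys, the modulus length can be read straight out of each OpenSSH `ssh-rsa` line. This is an added example, not part of the original question or answer; the device names and sample keys are constructed, and the minimum size is a parameter you choose.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4253 'string': uint32 length followed by that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Return the RSA modulus size in bits for an OpenSSH 'ssh-rsa AAAA...' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = _read_string(blob, 0)
    # The type inside the blob must match the label in front of it.
    if key_type != b"ssh-rsa" or fields[0] != "ssh-rsa":
        raise ValueError("not an RSA key: %r" % key_type)
    _e, off = _read_string(blob, off)   # public exponent (mpint)
    n, off = _read_string(blob, off)    # modulus (mpint)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(n, "big").bit_length()

def audit(inventory, min_bits):
    """Return {device: bits} for devices whose RSA modulus is below min_bits."""
    return {dev: bits for dev, line in inventory.items()
            if (bits := rsa_modulus_bits(line)) < min_bits}

def constructed_line(bits):
    """Build a well-formed ssh-rsa line with a made-up modulus (not a usable key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # mpint: leading 0 keeps it positive
    blob = s(b"ssh-rsa") + s((65537).to_bytes(3, "big")) + s(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

# Constructed inventory; device names are sample values.
INVENTORY = {"device-a": constructed_line(2048), "device-b": constructed_line(4096)}

if __name__ == "__main__":
    # 4096 is the figure the answer gives; pass whatever minimum your policy sets.
    print(audit(INVENTORY, min_bits=4096))
```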