
I’m confused. I make a unique private key for each machine I use. How is using that machine-specific key on multiple hosts insecure?


Your SSH public keys used on GitHub are very publicly exposed.

This information could be used by SSH servers you are connecting to. You might think you are connecting anonymously, while in fact your SSH client is sending your public key which could then be resolved to your GitHub account.


I don't get it. How do you end up with shell access on a machine you don't trust to know your identity?


edit your .ssh/config.

add one Host entry per domain.

on the end of the file add one catch all host rule with IdentityFile /dev/null

otherwise you're sending default key names to all hosts.

...and you are not sending id_rsa.pub to every single place you add a key, like most guides suggest, right? right?
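A sketch of the layout the comment above describes, added here as an example and not written by the commenter. The host names, user names and key file names are placeholders, and `IdentitiesOnly yes` is an addition beyond what the comment says: without it, ssh can still offer keys held in ssh-agent.

```sshconfig
# ~/.ssh/config (constructed example; hosts, users and key file names are placeholders)

# One entry per destination, each with its own dedicated key.
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github
    # Offer only the key configured for this host, not every key in ssh-agent.
    IdentitiesOnly yes

Host build.example.org
    User deploy
    IdentityFile ~/.ssh/id_ed25519_build
    IdentitiesOnly yes

# Catch-all, placed last. ssh_config keeps the first value it obtains for
# most options, so the entries above take precedence where they set one.
# Naming an IdentityFile explicitly stops ssh from falling back to the
# default key files (~/.ssh/id_rsa and friends); /dev/null holds no key.
Host *
    IdentityFile /dev/null
    IdentitiesOnly yes
```

Running `ssh -G <host>` prints the options ssh would apply to that host, so its `identityfile` and `identitiesonly` lines show which keys would be offered.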


I would be interested in a comprehensive guide on "doing it right", or a link to a guide that suggests the right thing.


already exists. "man sshconfig" or something.

guides dumbing down things are the root of evil.



