If you use the same public key across services then there's a good chance that y... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

inetknght on May 18, 2021 | parent | context | favorite | on: Show HN: Apply for a job through SSH, $ ssh jobs.h...

If you use the same public key across services then there's a good chance that your user can be identified. Github, for example, publishes users' public keys [0]. So if I re-use the same public key then you know it's me. Re-using the same public key is bad for privacy. But if you combine it with other security nightmares.

With agent forwarding the remote can enumerate all of your unlocked keys. The solution is 1) do not enable agent forwarding and 2) do not use key agents.

With X11 forwarding the remote side has basically full access to your local session. The solution is don't enable X11 forwarding.

philshem on May 18, 2021 [–]

I guess [0] is

    https://github.com/$USERNAME.keys

e.g. https://github.com/nat.keys

inetknght on May 18, 2021 | [–]

Whoops yeah pretty much. I forgot to paste the link. I was distracted. Now it's too late to edit

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact