Hacker News new | past | comments | ask | show | jobs | submit login

Even if it's not, your default hostname when using a MacBook Pro is typically "<username>s-MacBook-Pro.local" which reveals you're using a MacBook Pro. That info leak probably doesn't matter, but generally you want to reveal as little information as possible.



What kind of person cares enough about anonymity to change the comment in their ssh key, but not change the default hostname of their Mac? That person is very inconsistent.


Why does ssh-keygen include unnecessary information by default?


Because it helps usability when the user is editing ~/.ssh/authorized_keys - if the default is not changed, the key comment has some context, so finding the right key is easier.

I strip comments from my SSH keys too for the same reason you do. But most people don't seem to care and there is a reason for the default.


Hardly unnecessary. Very useful to see which key is what when you have multiple.


Your right. I just checked mine and it was:

esau@europa.hsd1.fl.comcast.net

Not a big deal but it does reveal my ISP and state.


As one example, a hostname leak might hypothetically be useful for a spearfishing+XSS attack.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: