And I'm sure every one of those 100k devices has a unique ssh key right? Surely ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jtriangle on July 1, 2024 \| parent \| context \| favorite \| on: How to get root access to your Sleep Number bed And I'm sure every one of those 100k devices has a unique ssh key right? Surely you can see the problem.

binwiederhier on July 1, 2024 [–]

Not just that's they have

- per session ssh keys that are valid for only 6 hours

- all ssh sessions are audit logged and have to go through jump servers tied to tech roles

- all sessions fully monitored via "script" and can be replayed

You can also see a write-up here: https://news.ycombinator.com/item?id=40840040

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact