
No. But it eases "man in the middle" attacks (someone impersonating the host you think you're connecting to, with that key).

Still, if someone puts your pub key in an authorized_keys of a malicious host, and then manipulates your DNS or ARP to conduct you to such a host, you should get some SSH warnings about the host fingerprint, etc.

And still, if you're using a dedicated key, the only possible attack could be to make you commit your repo changes to the malicious machine instead of to GitHub.



This is also the reason not to forward your ssh-agent (in my view, one of the most poorly considered features of ssh).


If agent-forwarding wasn't implemented, more people would just copy their private keys to several machines.

At least when you use agent forwarding, your key is only exposed while you're actually connected to the machine.



