
It's a good idea to keep your public keys private. You can do this by using a different key for each purpose, and by explicitly configuring (in ~/.ssh/config) which key to use for which purpose.

By default, the ssh client will try each of your public keys to connect to any given server, which naughty servers can effectively use to enumerate your identities.

Services like GitHub really shouldn't publish these keys without consent. One could argue they're really PII and subject to privacy laws...
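
The per-purpose key setup described in the comment above, as an added example that is not part of the original thread. The host name `git.work.example` and the key file names are constructed placeholders; the options are standard OpenSSH `ssh_config` keywords.

```sshconfig
# ~/.ssh/config (constructed example; hosts and key file names are placeholders)

# Without any of the settings below, ssh offers its default key files and
# every key held by ssh-agent to whichever server it connects to.

# One key per purpose, each pinned to the host it is meant for.
# IdentitiesOnly stops ssh from also offering the other keys in ssh-agent.
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github
    IdentitiesOnly yes
    PubkeyAuthentication yes

Host git.work.example
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes
    PubkeyAuthentication yes

# Catch-all, placed last because ssh uses the first value it finds for
# each option. Hosts not listed above are offered no public key at all.
Host *
    IdentitiesOnly yes
    PubkeyAuthentication no
```

Running `ssh -G github.com` prints the options ssh would actually use for that host without connecting, which is a quick way to confirm that only the intended `identityfile` is listed.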




Maybe this needs more precise wording. Like ingress/signature key but more compressed instead of public key. Or peer key. Any nice ideas?


That's a good point. The wording makes sense from a cryptographic point of view, but it doesn't really convey the full meaning outside of that context.



