Hacker News new | past | comments | ask | show | jobs | submit login

Really cool. But obviously this will leak ssh private keys and your username to lists.sh

To prevent this I guess you have specify a username and create a specific key and use that: ssh -i key unknown@lists.sh




Just wait until you discover https://github.com/yourusernamehere.keys


Thanks for submitting this feedback! We only record the public key that was accepted by the SSH app, but it's true, the logs could show all the public keys attempted for authentication.

I'm also going to update the docs to suggest providing your username for the service whenever logging in, in an effort to avoid leaking your host username unintentionally.


I think you mean public key rather than private.


Correct...

Creating new keys and using those will also enable you to create multiple accounts on there.

Also, I think this service might need a reserved username list. admin, abuse, cgi or even ops, help, spec ..or ?foo=42 are all available and possible right now.


I’ve deployed your suggestions, thanks so much!


Hey thanks for the feedback. I agree and this is going to be a priority for me immediately after I triage the bug reports.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: