Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Big oof from an ops standpoint. How is a key like this ever accessible to an operator in unencrypted text form?

Funny enough, given that every person (and every bit of tooling) I know blindly approves SSH public key verification anyways, they will likely not even notice this switch.



> blindly approves SSH public key verification anyways, they will likely not even notice this.

Maybe on initial connect, but who TF ignores that "key has changed danger danger, high voltage" warning? You at least look around and ask a colleague?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: