Remote resources only get your public key. It’s meant to be shared! Hence the word “public.”
The threat is having a private key stolen, in which case, having multiple keys can mitigate the amount of damage a threat actor can do. However, to steal your private key would involve a successful attack against your client, not against any server you might have given the public key to.
There's nothing dangerous about SSHing into an untrusted server unless you're using the same keys for everything.
Remote resources only get your public key. It’s meant to be shared! Hence the word “public.”
The threat is having a private key stolen, in which case, having multiple keys can mitigate the amount of damage a threat actor can do. However, to steal your private key would involve a successful attack against your client, not against any server you might have given the public key to.
There is also the threat of the server sending a data sequence that exploits a vulnerability in your terminal. It has happened before, but it’s rare.
1 reply →