
Comment by Charon77

5 days ago

What good does a certificate format do? Certainly won't make people not reuse it the same way.

> where the affected users might be surprised or alarmed to learn that it is possible to link these real-world identities.

I feel like it's obvious that ssh public keys publicly identify me, and if I don't want that, I can make different keys for different sites.

> > where the affected users might be surprised or alarmed to learn that it is possible to link these real-world identities.

> I feel like it's obvious that ssh public keys publicly identify me, and if I don't want that, I can make different keys for different sites.

You're probably not the only one for whom it's obvious, but it appears to be not at all obvious to large numbers of users.

ssh by default sends all your public keys to a server. Yes, you can limit some keys to specific hosts, but it's very easy to dox yourself.

  • Doesn’t it try one key at a time rather than send all?

    • True, but a server that wants to "deanonymize" you can just reject each key till he has all the default keys and the ones you added to your ssh agent.

      You can try it yourself: [0] returns all the keys you send and even shows you your GitHub username if one of the keys is used there.

      [0] ssh whoami.filippo.io


  • So it's good practice to store keys in a non-default location and use ~/.ssh/config to point to the path for each host?

    • What a great case of "you're holding it wrong!" I need to add individual configuration to every host I ever want to connect to before connecting to avoid exposing all public keys on my device? What if I mistype and contact a server not my own by accident?

      This is just an awfully designed feature, is all.


  • I had never thought about that. Seems like an easy problem to fix by sending salted hashes instead.

    • The server matches your proposed public key with one in the authorized keys file. If you don't want to expose your raw public key to the server, you'll need to generate and send the hashed key format into the authorized keys file, which at that point is the same as just generating a new purpose-built key, no? Am I missing something?
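
The per-host key setup asked about in the thread above, written out as an added example that is not part of any commenter's post. Host names and key paths are placeholders; the directives are standard OpenSSH client options.

```sshconfig
# ~/.ssh/config -- constructed example, not from the thread.
# ssh uses the FIRST value it finds for each option, so specific
# Host blocks must come before the catch-all "Host *" block.

# One dedicated key per service. IdentitiesOnly stops ssh from also
# offering default keys (~/.ssh/id_*) and keys held by ssh-agent.
Host github.com
    User git
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/keys/github_ed25519      # placeholder path
    IdentitiesOnly yes

Host work-bastion
    HostName bastion.example.com                 # placeholder host
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/keys/work_ed25519        # placeholder path
    IdentitiesOnly yes

# Catch-all for every host not listed above, including mistyped names
# and test servers: offer no public keys at all.
Host *
    PubkeyAuthentication no
    IdentitiesOnly yes
```

`ssh -G <hostname>` prints the effective options for a host without connecting, so you can confirm that an unlisted name resolves to `pubkeyauthentication no` and a listed one shows only its own `identityfile`.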