Comment by fragmede

7 days ago

Who's sending ssh keys around anymore? Just get theirs off gitHub.com/username.keys and shove it in their user account.

http://gitHub.com/fragmede.keys, for example. Stick that in authorized_keys to let me into your server.

this touches two pieces of my knowledge:

    - microsoft is evil, I cannot delete my github account, will never use anything by this company
    - if the attacker knows your *public* key they can enumerate the list of the servers you have access to https://github.com/benjojo/ssh-key-confirmer

Not everyone works in a field where the developers or engineers have public github accounts or publish their profile of things like ssh keys for the world to read.