← Back to context

Comment by SurajMishra

3 days ago

I feel this is worse than running rm -rf on a root directory. Just saying.

Much worse, instead of the data gone it's a data leak.

Those ssh keys can be used to access private servers

  • SSH keys can be limited by IP in authorized hosts.

    The SSH port itself can be limited by IP in firewalls.

    Finally, the SSH private key can be encrypted with a password.

    Defense in depth is needed. Storing a ssh private key in plain text with no IP restriction is no different to having a password manager store your passwords in plain text on your HD.

    • All those things are optional.

      Doesn't make uploading the keys that much better. Now is the time for key rotation everywhere. Fast.

      4 replies →

  • Well, those ssh keys are protected by a strong passphrase, right?

    • The passphrase is optional, not everyone has it.

      It also has to be a secure password, people often don't care because it's a local file and generally not exposed to the internet.

      1 reply →

I once ran rm -rf on a live NFS mount that the live operations of a major brokerage depended upon.

I challenge any agent to do worse than an intern with root access.

  • The point is to know better than to let the intern hurt themselves.

    I once saw an engineer try to place the blame on his intern for taking down prod. I was sitting in a meeting with the VP of engineering and someone asked if it was ok for some to blame their intern for the SEV, and I remember the VP saying "I'll talk to $director_for_the_interns_mentor". Interns can't take down prod. An intern's mentor willingly watching an intern take down prod is the closest you can get.