
Another, somewhat obvious one:

Be extremely careful when using public customized AMIs; a lot of times ~/.ssh/authorized_hosts contains public keys, and this is obviously a huge security problem.

Yeah, I almost feel like AWS should clear the contents of authorized_keys for each user when you make an AMI public. That of course is bound to break some things, but prevents security oversights.

I would be more worried about a backdoored sshd in a public AMI. At least authorized_keys is a known place to check.

No, public keys are not a security problem.

They are if you don't know who has the corresponding private key.

Oh right, when using public AMIs. I thought parent meant publishing AMIs. Derp.

Public keys on your host where you don't control who has the private key are.

But the fact they allow access to your system is.
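
The authorized_keys check discussed in this thread, as an added example that is not from any commenter: a shell function that walks every account in an image's /etc/passwd and lists each key that can log in. It assumes sshd's default AuthorizedKeysFile locations; the function name and output format are hypothetical, and it does not address the backdoored-sshd concern raised above.

```shell
#!/bin/sh
# Added example: list every SSH public key that can log in to an image.
# ROOT is the image's root filesystem: "/" on a running instance, or the
# mount point of a volume created from the AMI's snapshot.
# Assumption: sshd uses its default AuthorizedKeysFile locations.

audit_authorized_keys() {
    root=${1%/}
    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$home" ] || continue
        for f in "$root$home/.ssh/authorized_keys" \
                 "$root$home/.ssh/authorized_keys2"; do
            [ -f "$f" ] || continue
            awk -v user="$user" -v file="$f" '
                /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
                {
                    # A line may begin with options (from=..., command=...),
                    # so locate the key-type field instead of assuming $1.
                    for (i = 1; i < NF; i++)
                        if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                            comment = ""
                            for (j = i + 2; j <= NF; j++)
                                comment = comment (j > i + 2 ? " " : "") $j
                            if (comment == "") comment = "(no comment)"
                            printf "%s\t%s\t%s\t%s\n", user, file, $i, comment
                            next
                        }
                    # Anything else in this file deserves a manual look.
                    printf "%s\t%s\tUNPARSED\t%s\n", user, file, $0
                }' "$f"
        done
    done < "$root/etc/passwd"
}
```

Run it as `audit_authorized_keys /` on a freshly launched instance, or against a mounted copy of the image; any output on an image that should ship without keys is a key whose private half someone else holds.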
