Hacker News new | comments | show | ask | jobs | submit login

Yeah, I almost feel like AWS should clear the contents of authoried_keys for each user when you make an AMI public. That of course is bound to break some things, but prevents security oversights.

I would be more worried about a backdoored sshd in a public ami. At least authorized_keys is a known place to check.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact