
I love this tool too!

Except one time I quickly typed

`cat ~/.ssh/mykey | pbcopy`

And sent it straight away to my coworker on Slack.

I then spent the rest of the day making a new private key and adding my new pubkey to all of the 1000+ servers I had root access to. I mean we had tools to help but it still wasn’t fun.

With great power/convenience comes the potential to do dumb things at lightning speeds!




If you literally have ssh root access to 1000+ servers, using certificates will be more secure and convenient than directly using public keys.


Put your private key in something like Secretive: https://github.com/maxgoedjen/secretive


Userify would have made that pretty painless (all it really seems to do is update the authorized_keys across all of your servers every minute or so).


Also, Userify allows you to set up sudo access on some of the servers and not others, so that'd take care of the other root-access issue you have. (sudo also provides auditing/logging controls that are useful in a multi-user environment.)


I might start naming my private key files ~/.ssh/keyname.PRIVATE after hearing that story...


That's not a bad idea. I've never actually made the same mistake, but I have caught it at the last moment and having tab complete not pick the private one first would help.


It would have avoided it! I was using tab and forgot to select .pub as you correctly surmised. I was a junior dev at the time and all the seniors got a good laugh out of it, and I use it as a cautionary tale about trying to be TOO overeager and efficient.
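
A guard against the mistake described in this thread, as an added example that is not part of any comment above: a wrapper that inspects what is piped to `pbcopy` and refuses when the input carries a private-key marker. The names `safe_pbcopy`, `looks_like_private_key` and `CLIP_CMD` are hypothetical, and the check is a header match, not a full key parser.

```shell
# Added example (not from the thread). CLIP_CMD is a hypothetical override so the
# wrapper can be pointed at another clipboard tool; it defaults to macOS pbcopy.
CLIP_CMD="${CLIP_CMD:-pbcopy}"

# Read stdin and return 0 if it contains a private-key marker:
#   PEM armor such as "-----BEGIN OPENSSH PRIVATE KEY-----", "-----BEGIN RSA
#   PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----", "-----BEGIN ENCRYPTED
#   PRIVATE KEY-----", or the first line of a PuTTY .ppk file.
looks_like_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' \
             -e '^PuTTY-User-Key-File-[0-9]+:'
}

# Drop-in for `... | pbcopy`. Input is buffered in memory (never written to
# disk), checked, and only then handed to the clipboard tool.
# Limitation: shell variables cannot hold NUL bytes, so this is for text input.
safe_pbcopy() {
    # The trailing "x" keeps command substitution from stripping newlines.
    _spc_buf=$(cat; printf x)
    _spc_buf=${_spc_buf%x}

    if printf '%s' "$_spc_buf" | looks_like_private_key; then
        unset _spc_buf
        echo "safe_pbcopy: input looks like a private key; nothing copied" >&2
        return 1
    fi

    printf '%s' "$_spc_buf" | "$CLIP_CMD"
    _spc_rc=$?
    unset _spc_buf
    return "$_spc_rc"
}

# Usage, e.g. in ~/.zshrc or ~/.bashrc after the definitions above:
#   alias pbcopy=safe_pbcopy
#   cat ~/.ssh/mykey.pub | pbcopy    # copied
#   cat ~/.ssh/mykey     | pbcopy    # refused, exit status 1
```

The wrapper calls `pbcopy` through `CLIP_CMD` rather than by alias, so aliasing `pbcopy` to it does not recurse.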



