
This "system for automatic dumps" 100 percent uses ssh under the hood. Probably with some eternal sudo administrator key.

Personal ssh access is always better (from a security standpoint) than bot tokens and keys.




There's a thousand ways to do it without SSH. It can be built into the app itself. It can be a special authenticated route to a suid script. It can be built into the current orchestration system. It can be pull-based using a queue for system monitoring commands. It can be part of the existing monitoring agent. It can be run through AWS SSM. There's really no reason it has to be SSH.

And even with SSH you can have special keys with access authorised to only specific commands, so a service account would be better than personal in that case.
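
The command-restricted key mentioned in the comment above, as an added example that is not part of the original thread: an OpenSSH `authorized_keys` entry with `restrict` and `command=` forces every session for that key through a gate script, which allowlists what arrives in `SSH_ORIGINAL_COMMAND`. The names `dump-gate`, `take-dump`, `dump-bot` and the `heap-dump`/`thread-dump` actions are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command gate for a service-account key (added example, constructed).
# Assumed install path /usr/local/bin/dump-gate, referenced from the account's
# ~/.ssh/authorized_keys (key material is a placeholder):
#   restrict,command="/usr/local/bin/dump-gate" ssh-ed25519 <PUBLIC-KEY> dump-bot
# sshd runs the command= program for every session with this key and exposes
# the client's requested command in SSH_ORIGINAL_COMMAND (untrusted input).
LC_ALL=C; export LC_ALL
DUMP_TOOL=/usr/local/bin/take-dump   # hypothetical helper that takes the dump

# Validate a request of the form "<action> <service>". On success set $action
# and $service, print the fixed command line and return 0; otherwise return 1.
resolve_request() {
    set -f            # no globbing while the untrusted string is word-split
    set -- $1
    set +f
    [ "$#" -eq 2 ] || return 1
    case $1 in
        heap-dump|thread-dump) ;;
        *) return 1 ;;
    esac
    case $2 in
        ''|-*|*[!a-z0-9-]*) return 1 ;;   # lowercase, digits, '-' only
    esac
    action=$1 service=$2
    printf '%s %s %s\n' "$DUMP_TOOL" "$action" "$service"
}

case $0 in
*/dump-gate)
    # Invoked by sshd as the forced command: run the allowed action or refuse.
    if resolve_request "${SSH_ORIGINAL_COMMAND:-}" >/dev/null; then
        logger -t dump-gate "allow: $action $service"
        exec "$DUMP_TOOL" "$action" "$service"
    fi
    logger -t dump-gate "deny: request rejected"
    echo "dump-gate: request not permitted" >&2
    exit 1 ;;
*)
    # Run under any other name: show decisions for constructed sample requests.
    for req in 'heap-dump billing-api' 'thread-dump web-1' \
               'heap-dump api; id' 'cat /etc/shadow' 'heap-dump ../etc'; do
        if out=$(resolve_request "$req"); then
            echo "ALLOW [$req] -> $out"
        else
            echo "DENY  [$req]"
        fi
    done ;;
esac
```

The gate never passes the client's string to a shell; it only ever executes the fixed tool path with two validated arguments.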



