Hacker News new | comments | show | ask | jobs | submit login

Why would people put dotfiles like ssh keys up on public github?

This kind of thing is best suited for a private repo (github is still ok, just make it private) - cause it's most likely of no use to anyone but that single user.

I would not suggest that it's okay even for a private repo. Never let your private keys leave your machine or its dedicated, encrypted backup.

Although I would never do this myself, if the keys themselves are encrypted with a password and then uploaded, it's not nearly as bad.

In the case of ssh keys, you usually should use a different key per device/home directory and let your server accept all the keys.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact