Chris's Wiki :: blog/tech/SSHKeysAreInfoLeak Commentshttps://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak?atomcommentsDWiki2016-02-07T22:16:14ZRecent comments in Chris's Wiki :: blog/tech/SSHKeysAreInfoLeak.By Evaryont on /blog/tech/SSHKeysAreInfoLeaktag:CSpace:blog/tech/SSHKeysAreInfoLeak:f139fa6eceaf26ff8f223dfda08bdffb720e8e00Evaryonthttps://evaryont.me<div class="wikitext"><p>Practical attacks on this have already been demonstrated, albeit in reverse. See <a href="https://blog.filippo.io/ssh-whoami-filippo-io/">https://blog.filippo.io/ssh-whoami-filippo-io/</a> </p>
<p>By attempting to log in, it will attempt to determine which Github user is the one logging in. This is fairly easy since every public key you authorize for use with Github is publicly available at <a href="https://github.com/USER.keys">https://github.com/USER.keys</a></p>
</div>2016-02-07T22:16:14ZBy Patrick on /blog/tech/SSHKeysAreInfoLeaktag:CSpace:blog/tech/SSHKeysAreInfoLeak:a7c1782396a2720ee2237f15129133ca532e69e5Patrick<div class="wikitext"><p>Maybe interesting <a href="https://blog.0xbadc0de.be/archives/300">https://blog.0xbadc0de.be/archives/300</a></p>
</div>2016-02-07T19:01:46Z