| ▲ | hoppp 9 hours ago |
| Much worse, instead of the data gone it's a data leak. Those ssh keys can be used to access private servers |
|
| ▲ | crimsonnoodle58 8 hours ago | parent | next [-] |
| SSH keys can be limited by IP in authorized hosts. The SSH port itself can be limited by IP in firewalls. Finally, the SSH private key can be encrypted with a password. Defense in depth is needed. Storing a ssh private key in plain text with no IP restriction is no different to having a password manager store your passwords in plain text on your HD. |
| |
| ▲ | hoppp 8 hours ago | parent [-] | | All those things are optional. Doesn't make uploading the keys that much better. Now is the time for key rotation everywhere. Fast. | | |
| ▲ | crimsonnoodle58 8 hours ago | parent [-] | | How are they optional? You obviously haven't worked anywhere security sensitive. I'm not talking about whether what Grok did is bad or good, I'm talking about protecting your private key and the servers you connect to. An unencrypted private key is no different to an unencrypted password manager, and thats a fact. Dont store secrets in plain text. | | |
| ▲ | hoppp 8 hours ago | parent | next [-] | | I meant that not everyone is doing it at home. Do you think a person's private computer is a secure workplace? If it was security sensitive space there would be no agents running amuck. | |
| ▲ | t-writescode 8 hours ago | parent | prev | next [-] | | Sigh. Anything that isn’t a default is optional by default. Anything that’s toggleable or configurable is optional. Security is, always, a trade off. It is hilariously common for private keys to work as a full identifier for a person, without concern of IP or anything of the sort. Should they? Maybe, maybe not, that’s the calculus of risk management; but victim-blaming the average person who is following best practices is a bad look. | |
| ▲ | grayhatter 8 hours ago | parent | prev [-] | | I'm a security eng and I've worked for both a FAANG and TS government contractor. Neither of them bothered with either of the of the stupid suggestions. IP restrictions prevent roaming, the point of working remotely via SSH. passwords are equally defeated by using an ssh agent, something I'd suggest everyone use. Then on top of that there's no reasonable threat model where something would be given unrestricted access to user env, but also be untrusted. If it can read from ~/.ssh neither IP protection nor keyfile password protection will protect you from maleficence. The only reasonable response from a security perspective is don't use grok, then use it sandboxed. Trying to claim it's the users fault for not using password protection and IP restrictions is completely nonsensical. Same energy as telling someone their computer is more secure when it's off. |
|
|
|
|
| ▲ | steve1977 9 hours ago | parent | prev [-] |
| Well, those ssh keys are protected by a strong passphrase, right? |
| |
| ▲ | hoppp 8 hours ago | parent [-] | | The passphrase is optional, not everyone has it. It also has to be a secure password, people often don't care because it's a local file and generally not exposed to the internet. | | |
| ▲ | cute_boi 7 hours ago | parent [-] | | I am sure majority of people don't use password for ssh keys. The good solution is to use password manager like 1password which will prompt you to approve ssh. |
|
|