$ ssh sshchat.hackclub.com 24 points by zachlatta 5y ago ↗ HN Try running the above in your terminal. Code is at https://github.com/quackduck/devzat.Built by 15 year old https://github.com/quackduck.
[–] quackduck 5y ago ↗ Thanks Zach! I'm Ishan, the guy who made this thing lol https://github.com/quackduck
[–] rkwasny 5y ago ↗ Do not run it if you use ssh-agent!Remember agent will forward all of your ssh keys to the untrusted server. [–] ArloL 5y ago ↗ Does this not require ForwardAgent to be enabled? [–] 002445 5y ago ↗ Yes it should only be a problem if ssh -A sshchat.hackclub.com is used to connect. [–] ktpsns 5y ago ↗ You mean like https://github.com/mag-.keys ? SSH public keys should not be secrets. [–] rkwasny 5y ago ↗ If you ssh into a host and use ssh-agent + `ForwardAgent Yes` - host can get your PRIVATE key. [–] GauntletWizard 5y ago ↗ They can't get your private key - But they can make use of it so long as you're connected. Definitely only enable `ForwardAgent` for hosts that you trust. [–] quackduck 5y ago ↗ Code is open source! I don't look at your public keys or private keys. I hash IPs so we have IDs that can't be tracked back to the IP. [–] phekunde 5y ago ↗ Instead of (just) downvoting him, why not correct him? Look at his age! [–] quackduck 5y ago ↗ Tell me more about how that works.
[–] ArloL 5y ago ↗ Does this not require ForwardAgent to be enabled? [–] 002445 5y ago ↗ Yes it should only be a problem if ssh -A sshchat.hackclub.com is used to connect.
[–] 002445 5y ago ↗ Yes it should only be a problem if ssh -A sshchat.hackclub.com is used to connect.
[–] ktpsns 5y ago ↗ You mean like https://github.com/mag-.keys ? SSH public keys should not be secrets. [–] rkwasny 5y ago ↗ If you ssh into a host and use ssh-agent + `ForwardAgent Yes` - host can get your PRIVATE key. [–] GauntletWizard 5y ago ↗ They can't get your private key - But they can make use of it so long as you're connected. Definitely only enable `ForwardAgent` for hosts that you trust.
[–] rkwasny 5y ago ↗ If you ssh into a host and use ssh-agent + `ForwardAgent Yes` - host can get your PRIVATE key. [–] GauntletWizard 5y ago ↗ They can't get your private key - But they can make use of it so long as you're connected. Definitely only enable `ForwardAgent` for hosts that you trust.
[–] GauntletWizard 5y ago ↗ They can't get your private key - But they can make use of it so long as you're connected. Definitely only enable `ForwardAgent` for hosts that you trust.
[–] quackduck 5y ago ↗ Code is open source! I don't look at your public keys or private keys. I hash IPs so we have IDs that can't be tracked back to the IP. [–] phekunde 5y ago ↗ Instead of (just) downvoting him, why not correct him? Look at his age!
14 comments
[ 3.5 ms ] story [ 43.2 ms ] threadRemember agent will forward all of your ssh keys to the untrusted server.