2 comments

[ 3.9 ms ] story [ 31.1 ms ] thread
Who password protect they private SSH keys? Many. Who reads their own ~/.ssh/* before using command? Nobody. Lateral movement even with protected private keys.
If using someone else’s public key, I always check the key itself (it doesn’t take long, and it is easy to spot “problems” like these).

This is a nice little hack, but I don’t see it flourishing in the wild.