44 points by modinfo a month ago | 4 comments
  • pseudohadamard a month ago
    It's an artefact of OpenSSH braindamage: like a WiFi device spraying probe requests, OpenSSH sprays all of your keys to any server it connects to and then takes whatever the server responds with as the one to auth. There's a CVE for this, CVE-2016-20012, but the OpenSSH maintainers rejected it as by-design, https://github.com/openssh/openssh-portable/pull/270.
    • FiloSottile a month ago
      If that PR were merged, whoami.filippo.io would still work the same. It would just receive signed requests instead of queries.
  • gnabgib a month ago
    Popular in 2023 (240 points, 81 comments) https://news.ycombinator.com/item?id=34301768
  • fragmede a month ago
    Yes, but telling people to run

        ssh -o IdentityAgent=/dev/null -v  -o IdentityFile=/dev/null funky.nondeterministic.computer
    
    instead of just

         ssh funky.nondeterministic.computer
    
    is harder to sell.
    • locke3891 a month ago
      For those that care about privacy, couldn't you just use an alias? alias ssh='ssh -o IdentityAgent=/dev/null -o IdentityFile=/dev/null -v' then you can do ssh funky.nondeterministic.computer and get the same functionality.
      • rurban a month ago
        Just add it to your .ssh/config file
  • seg_lol a month ago
    It has downloaded every public key from github?

    I would use this trick to add them to my test clusters.
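
The suggestion above to put the options in `.ssh/config`, written out as an added example that is not part of the thread. It goes one step beyond the thread's single host by making "offer no key" the default and opting hosts in; `git.example.com` and the key path are placeholders.

```sshconfig
# ~/.ssh/config
# ssh uses the first value it obtains for each option, so
# host-specific blocks go first and the catch-all goes last.

# The host from the thread: no agent, no key files, nothing to offer.
Host funky.nondeterministic.computer
    IdentityAgent /dev/null
    IdentityFile /dev/null

# A host you do authenticate to (placeholder name and key path):
# offer only the named key, even if the agent holds others.
Host git.example.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/id_ed25519_example
    IdentitiesOnly yes

# Everything else: do not attempt public-key authentication,
# so no public key is presented to servers not listed above.
Host *
    PubkeyAuthentication no
```

`ssh -G git.example.com` prints the options ssh would actually apply to a host, which is a quick way to confirm which block won.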