
>Grab ssh private keys from autoprovisioned EC2 user’s home directory using 301 redirect to file URI (after all, we’re running as root, we can read them).

This is not a fair assumption to make. Maybe they are running an LSM like AppArmor.



What is more important - the existence of SSH private keys on the EC2 instances is unlikely... There is a chance there are SSH private keys there, but they would most probably be SSH deploy keys for some private repo (configuration management, software).



