RobotCasserole1736 / RobotCasserole2017

Robot Casserole robot source code for the 2017 FRC game, First Steamworks.
MIT License

Removing private SSH key #132

Closed oudeismetis closed 6 years ago

oudeismetis commented 6 years ago

I noticed you had committed a private ssh key to your repo.

"I know. It was intentional." Sorry to bother you then. Feel free to ignore this PR. You know you can also secure private data while keeping it under source control.

"I didn't notice. What is this file? Is it a problem?" This can be a very bad thing.

"I keep accidentally typing git add ., any way I can prevent that from being an issue?" There are a couple of steps you should take immediately:

  1. Avoid commands like git add . and git add *. It's better to be more explicit when you can.
  2. Assume your key is compromised. Unassociate it from any accounts you are using it for and generate a new key.
  3. Store your keys in a location outside of your project.
  4. Use a .gitignore file to prevent accidental commits of certain files.

GitHub also has a page about how to remove sensitive data from a repo.

Hope this PR finds you well
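
The steps listed in this comment can be backed by an automated check. The following is an added example, not part of the PR or of the project's code: a pre-commit hook that refuses to commit staged content carrying a private key header. The function names and messages are this example's own, and it assumes `git` and a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the PR): pre-commit guard for private key material.
# Save as .git/hooks/pre-commit and make it executable to enable it.

# Read stdin; succeed if it contains a PEM/OpenSSH or PuTTY private key header.
has_private_key() {
    grep -q -E -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' \
               -e '^PuTTY-User-Key-File-[0-9]+:'
}

# Check files on disk; print each offender, return 1 if any was found.
scan_files() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue            # skip directories and missing paths
        if has_private_key < "$f"; then
            printf 'private key material in: %s\n' "$f" >&2
            found=1
        fi
    done
    return "$found"
}

# Check what is actually staged (the index blob, not the working-tree copy).
run_hook() {
    # ACMR = added, copied, modified, renamed. Assumes paths without newlines.
    staged=$(git diff --cached --name-only --diff-filter=ACMR) || return 1
    blocked=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if git show ":$path" | has_private_key; then
            printf 'refusing to commit private key: %s\n' "$path" >&2
            blocked=1
        fi
    done <<EOF
$staged
EOF
    return "$blocked"
}

# Only act as a hook when installed under that name; otherwise just define
# the functions so they can be sourced or tested.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

A hook like this only stops new commits on the machine where it is installed; a key that has already been pushed still has to be treated as compromised and replaced.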

gerth2 commented 6 years ago

Awesome catch, thanks! In this case, that was intentional (allows arbitrary PCs to upload new code to a beaglebone black). There is no sensitive info on that device, and it is never on the internet. As far as I know, this is ok from a security standpoint.

Still though, this is a great thing to do to people's repos, especially if they did it on accident. Thanks for taking the time to go through it!

oudeismetis commented 6 years ago

Good to know @gerth2 ! I'm actually finding a good number of repos with similar situations to yours. It's got me thinking about writing a blog post about "When you SHOULD add private keys to Github and how to do it properly"

Would love to hear any thoughts/opinions/challenges you've experienced as I start researching that.

gerth2 commented 6 years ago

@oudeismetis Thanks!

I'll admit, this is a pretty special case I think. The device in question was under battery power, in a network isolated from the broader internet, and new users setting up the project were a frequent occurrence (many computers with the repo, deploying code to the same target). It was only ever turned on when someone who owned the system was physically present.

Basically, in this case, physical security & air gap provides the level of protection we deemed we needed. Adding the key to the repo saves a few setup steps for new users. In retrospect, the lack of sensitive data isn't a great argument because someone certainly could put their info accidentally onto the device. Still though, in order to access it, one would have to write malware targeted at one of our deploy PCs, which knows this key, activates itself for one of the short windows of time when the deploy target is active, grabs the right things off the file system, then phones home when the deploy PC is back on the internet. Definitely feasible, but a lot of work for very little gain.

One of the things I hear when it comes to computer security a lot is simply "Don't be the lowest hanging fruit". If someone wants your data, and can pay enough money, eventually they'll find a way to get it (no matter how awesome you are at computer security). What makes you "safe" online is simply the fact that most malicious users are opportunistic, and not targeting you explicitly. As long as there's someone with higher-value data and less-robust security, the malicious user will go after them first.

Drawing from that, you should add a private key to a repo unless you understand your system of software well enough to know what the impact of a known private key does to your metaphorical "position on the tree". Usually, it's like leaving the key to your front door right next to the door, with a label that says "front door key". You'd have to have something else going for you, something on the level of an air gap, before I'd think it's worthwhile to open the private key to the world.

Anyhoo, hope that helps a bit!

oudeismetis commented 6 years ago

Very helpful! Thanks @gerth2