• 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: November 23rd, 2023

help-circle





  • When authenticating with git over SSH, the private key should be considered secret and well protected.

    That means the corresponding public key that was uploaded to the git server is enough to authenticate and no username is required. However, a password protected privare key is possible and extra layers of security can be added to the authentication mechanism.

    As far as resource based attacks based on public key searching, I doubt many servers have significant enough public keys on a single host to even notice. Most repos are siloed and have specific teams/individuals assigned to them, so only a small number of public keys even gets loaded.

    I dont know enough about the server side mechanics to be sure, but imo the attack surface is pretty small.