←back to thread

Sign arbitrary data with your SSH keys

(www.agwa.name)
637 points h1x | 1 comments | 13 Nov 21 09:13 UTC | HN request time: 0s | source
Show context
pizza ◴[13 Nov 21 10:03 UTC] No.29208734[source]
I get that they're "public" keys, but I was surprised to learn (and from somebody other than github themselves) that ssh public keys are just available at that github.com/username.keys URL (without there being an option to disable it, it seems?). Did most people already know that? Probably fine but just surprised. Just tried searching their authentication docs [0] and I don't get any results for "public key url" either

https://docs.github.com/en/authentication?query=public+key+u...

replies(26): >>29208748 #>>29208752 #>>29208754 #>>29208768 #>>29208790 #>>29208806 #>>29208828 #>>29208856 #>>29208877 #>>29208909 #>>29208990 #>>29209073 #>>29209103 #>>29209113 #>>29209243 #>>29209399 #>>29209634 #>>29210045 #>>29210085 #>>29210460 #>>29211355 #>>29211357 #>>29211783 #>>29212241 #>>29212499 #>>29213083 #
surfsvammel ◴[13 Nov 21 10:47 UTC] No.29208909[source]
It’s very handy. I use it often. Whenever I, or someone else, need to add my public key to a server somewhere, that’s where I get it from.
replies(1): >>29208957 #
Hendrikto ◴[13 Nov 21 10:58 UTC] No.29208957[source]
Are you guys really using one SSH key for all services? That‘s really bad practice.
replies(3): >>29208974 #>>29208978 #>>29210457 #
throwaway894345 ◴[13 Nov 21 11:05 UTC] No.29208978[source]
You can put multiple SSH keys on GitHub.
replies(1): >>29208992 #
Hendrikto ◴[13 Nov 21 11:09 UTC] No.29208992[source]
Not what I am talking about.

I am talking about using the same key pair for two different things. E.g. GitHub and GitLab

replies(3): >>29209046 #>>29209269 #>>29209289 #
1. chousuke ◴[13 Nov 21 12:21 UTC] No.29209269[source]
Using different keys for different services is overkill most of the time.

Generally you need to have one key per host that you use (or per any storage location). You can use separate keys for separate services is if you for eg. privacy reasons don't want to associate the same identity with both services, but that's a personal choice, not something that improves security.