zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. Terr_+k5[view] [source] 2026-01-14 19:22:26
>>nico+(OP)
I imagine your best bet are exactly the same tools for a potentially-malicious human user: Separate user account, file permissions, database user permissions, etc.
◧◩
2. nico+xm[view] [source] 2026-01-14 20:14:53
>>Terr_+k5
This is probably the safest thing to do, also the most time consuming

It would be nice to just be able to solve it through instructions to the agent, instead of having to apply all the other things for each application/server/database that I'd like to give it access to

◧◩◪
3. ljm+qv[view] [source] 2026-01-14 20:41:02
>>nico+xm
Yeah but this is like exposing `sudo eval $input` as a web service and asking the clients to please, please, not do anything bad.

Can create scripts or use stuff like Nix, Terraform, Ansible or whatever to automate the provisioning of restricted read only accounts for your servers and DBs.

[go to top]