zlacker

[parent] [thread] 2 comments
1. thewat+(OP)[view] [source] 2023-04-06 12:28:55
> You don't need "run as administrator" for that.

This is what makes it so doable since you don't need any privilege escalation.

The reason why this is a big deal for a lot of people is your ssh keys will give you access to your git repos and other servers unless you have them password protected or use gpg/sk ssh keys which I think a lot of people don't do.

And of course if you can see the known hosts file/bash_history you'll likely have access to more servers to propagate to.

Also things like your browser cache is stored there.

replies(1): >>0x457+aS1
2. 0x457+aS1[view] [source] 2023-04-06 21:20:52
>>thewat+(OP)
Plenty of dangerous things stored in `~/`, they don't even need password for ssh-key if there is ssh-agent running (this is in case of dangerous process running, not just upload).

This is why I store keys on a hardware key that requires me to touch it when used and manually start ssh-agent when doing a lot of `git push`.

replies(1): >>thewat+dC4
◧◩
3. thewat+dC4[view] [source] [discussion] 2023-04-07 18:35:16
>>0x457+aS1
Yeah gpg/sk ssh keys are definitely the way to go.
[go to top]