Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[] Storing private keys in Git


You may have heard the story[1] where hundreds of SSH private keys were stored in Github repositories. With the private key, anyone who knows the hostname and the user ID can access the target computer, unchallenged.

Someone has discovered SSH private keys on

Since User IDs and server names are not at all hidden at, I'd like to remind you that it's extremely important to ensure you do not store your keys in Git repositories.  Many committers have shell accounts, which could potentially be dangerous.

Thank you for being extra vigilant with the care of your keys.



Denis Roy
Director, IT Services
Eclipse Foundation, Inc. --
Office: 613.224.9461 x224 (Eastern time)


Back to the top