by rocqua 1182 days ago
Host-key rotation would enable the attacker to continue, but the attacker could be detected simply by diligent people monitoring the GitHub key they use.

The current rotation allows anyone to try to phish the lazy users (like me probably) who will just trust on first use. Probably a bigger risk than key compromise, since they have logs.

It could be a better idea to use Host-key rotation, despite it making the life of a key-thief a bit easier. Just because it exposes people less against opportunistic impersonators.