Hacker News
by micw 785 days ago
"Failed publickey" - does this make sense? What is the chance to brute-force a private key that way?
4 comments

If you haven't updated your Debian in a while, 1 in 30000 apparently: https://www.hezmatt.org/~mpalmer/blog/2024/04/09/how-i-tripp...

It could be key spraying, maybe targeting a particular organization with distributed infrastructure for which the attacker already has some keys, but more likely groups blasting default keys (i.e. for some crappy IoT devices that included them in the firmware etc) for a nice & quick botnet.

1. Scrape GitHub et al. for accidentally committed private keys, maybe even get the appropriate username.

2. Run botnet that tries all these keys on the entire Internet.

3. Profit!

Why is GitHub not(?) hosting a flock of repos* with fake private keys/username pairs to annoy/deter those people?

*Flock because of the Cloud? What is the appropriate noun for many repos?

Very good points in the comments, thank you a lot!
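
A defender-side check for the key spraying described in the comments above, as an added example that is not part of the thread: it groups "Failed publickey" entries by key fingerprint and reports fingerprints offered from several source IPs or against several usernames. It assumes sshd logs the OpenSSH-style line `Failed publickey for USER from IP port N ssh2: TYPE SHA256:...`; the sample lines, fingerprints and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenSSH auth-log lines; the addresses are
# documentation ranges and the fingerprints are made up.
KEY_A = "SHA256:CONSTRUCTEDsprayedKeyFingerprintAAAAAAAAAAA"
KEY_B = "SHA256:CONSTRUCTEDstaleLaptopKeyFingerprintBBBBBBB"
SAMPLE_LOG = f"""\
Apr 10 03:12:01 gw sshd[1001]: Failed publickey for root from 192.0.2.10 port 40112 ssh2: RSA {KEY_A}
Apr 10 03:12:09 gw sshd[1002]: Failed publickey for invalid user admin from 198.51.100.7 port 51877 ssh2: RSA {KEY_A}
Apr 10 03:13:30 gw sshd[1003]: Failed password for root from 192.0.2.10 port 40150 ssh2
Apr 10 03:14:02 gw sshd[1004]: Failed publickey for ubuntu from 203.0.113.5 port 33901 ssh2: RSA {KEY_A}
Apr 10 08:40:11 gw sshd[1190]: Failed publickey for alice from 192.0.2.44 port 60022 ssh2: ED25519 {KEY_B}
Apr 10 08:40:15 gw sshd[1191]: Failed publickey for alice from 192.0.2.44 port 60030 ssh2: ED25519 {KEY_B}
"""

# Assumed log format: "Failed publickey for [invalid user ]USER from IP port N ssh2: TYPE SHA256:FP"
FAILED_PUBKEY = re.compile(
    r"Failed publickey for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: (?P<ktype>\S+) (?P<fp>SHA256:\S+)"
)


def sprayed_keys(log_text, min_ips=2, min_users=2):
    """Group failed publickey attempts by key fingerprint and return the
    fingerprints offered from many source IPs or against many usernames."""
    seen = defaultdict(lambda: {"users": set(), "ips": set(), "attempts": 0})
    for line in log_text.splitlines():
        m = FAILED_PUBKEY.search(line)
        if not m:
            continue  # password failures and unrelated lines are skipped
        rec = seen[m["fp"]]
        rec["users"].add(m["user"])
        rec["ips"].add(m["ip"])
        rec["attempts"] += 1
    # One user retrying a stale key from one address stays below both thresholds.
    return {fp: rec for fp, rec in seen.items()
            if len(rec["ips"]) >= min_ips or len(rec["users"]) >= min_users}


if __name__ == "__main__":
    for fp, rec in sprayed_keys(SAMPLE_LOG).items():
        print(fp, rec["attempts"], sorted(rec["users"]), sorted(rec["ips"]))
```

A fingerprint flagged this way can be compared against the keys an organization has issued, which separates a leaked internal key from a widely sprayed default one.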