[Slackbuilds-users] Private SSH key in the slackbuilds repository

Heinz Wiesinger pprkut at slackbuilds.org
Tue Jan 29 19:17:39 UTC 2013


As some of you might have heard or read already in the news,
there was an issue on GitHub where ssh private keys published
in public repos were exposed and searchable (More here:
http://www.securityweek.com/github-search-makes-easy-discovery-encryption-
keys-passwords-source-code )

As a consequence GitHub is now sending out notifications to all
affected users. If you have the slackbuilds repository mirrored
on GitHub it might be that you'll get such a notification as well.
The file in question is network/freenx/config/nomachine.id_dsa.key.

This key is the default key shipped with all NX clients, it's up
to the admin to decide to use a different one. But even if you
use the default key it's only used for the initial handshake, you
still need a valid user account after.

As such you can safely ignore the notification from GitHub. There
comes no harm from having this key publicly in our repo.

Grs,
Heinz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20130129/0d87b319/attachment.asc>


More information about the SlackBuilds-users mailing list