Skip to Content [alt-c]
In reply to whoarethey: Determine Who Can Log In to an SSH Server
2 remarks for OSINT hackers :
- gitlab also lists public keys of users ( https://docs.gitlab.com/ee/api/users.html#list-ssh-keys-for-user ). It can make the database more comprehensive and may reveal matching between accounts on several platforms (de-anonymisation). I have not searched other forges.
- for GPG-backed SSH keys, you can retrieve SSH public key with --generate-ssh-key ( https://www.gnupg.org/faq/whats-new-in-2.1.html#sshexport ). Now, you have email addresses in your database.
All in all, these API represent a significant leak of PII !
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.