Styjun

Am I legally required to provide a (GPL licensed) source code even after a project is abandoned?

What is that ceiling compartment of a Boeing 737?

How can I improve my violin intonation for enharmonic notes?

How can I take pictures like these examples with a yellowish tone and point & shoot film camera look?

One to Eleven Sum to Twenty Five

I found a password with hashcat but it doesn't work

In Street Fighter, what does the M stand for in M Bison?

Do details of my undergraduate title matter?

Why is Havana covered in 5-digit numbers in Our Man in Havana?

How much steel armor can you wear and still be able to swim?

How to write a nice frame challenge?

Counterfeit checks were created for my account. How does this type of fraud work?

Boundaries and Buddhism

Definition of 'vrit'

Why do you need to heat the pan before heating the olive oil?

Predict the product from the reaction

Math symbols in math operators

In the US, can a former president run again?

In a list with unique pairs A, B, how can I sort them so that the last B is the first A in the next pair?

What mathematical theory is required for high frequency trading?

Is Newton's third law really correct?

Got a new frameset, don't know why I need this split ring collar?

How would one carboxylate CBG into it's acid form, CBGA?

Kelvin type connection

Is it safe to use ssh keys generated inside of Docker as “fake” SSH keys?

How do I remove the passphrase for the SSH key without having to create a new key?Best way to use multiple SSH private keys on one clientHow to specify the private SSH-key to use when executing shell command on Git?Using SSH keys inside docker containerFrom inside of a Docker container, how do I connect to the localhost of the machine?Trouble setting up SSH keysHow to ssh to a docker container on ec2 ubuntu host from outside machineHow to use ssh key inside docker containerssh-add in a docker containerPermission denied error after adding SSH Key to Digital Ocean

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

0

I wanted simply to succeed a private key parser, and I just created ssh keys with ssh-keygen inside of a Docker container:

docker run -it --rm circleci/node:11
# Inside of docker
ssh-keygen
# Accepted default values
cat ~/.ssh/id_rsa
# And copied and used this value

Do these new keys contain any information about my machine (Outside of Docker)?

Is it dangerous if I share the content of that id_rsa?

I do not really need that the ssh key I use for my tests are functional, just that it complies with the private key parser.

docker ssh

share|improve this question

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

add a comment | 

1

0

I wanted simply to succeed a private key parser, and I just created ssh keys with ssh-keygen inside of a Docker container:

docker run -it --rm circleci/node:11
# Inside of docker
ssh-keygen
# Accepted default values
cat ~/.ssh/id_rsa
# And copied and used this value

Do these new keys contain any information about my machine (Outside of Docker)?

Is it dangerous if I share the content of that id_rsa?

I do not really need that the ssh key I use for my tests are functional, just that it complies with the private key parser.

docker ssh

share|improve this question

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

add a comment | 

I wanted simply to succeed a private key parser, and I just created ssh keys with ssh-keygen inside of a Docker container:

docker run -it --rm circleci/node:11
# Inside of docker
ssh-keygen
# Accepted default values
cat ~/.ssh/id_rsa
# And copied and used this value

Do these new keys contain any information about my machine (Outside of Docker)?

Is it dangerous if I share the content of that id_rsa?

I do not really need that the ssh key I use for my tests are functional, just that it complies with the private key parser.

docker ssh

share|improve this question

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

docker run -it --rm circleci/node:11
# Inside of docker
ssh-keygen
# Accepted default values
cat ~/.ssh/id_rsa
# And copied and used this value

share|improve this question

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

share|improve this question

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

asked Mar 25 at 5:57

Camilo SampedroCamilo Sampedro

375619

1 Answer
1

active

oldest

votes

1

I would argue that it's a dangerous practice in general, but as you've described the problem, the specific instance won't cause security issues.

An ssh RSA key is "just" a couple of numbers plus a comment string. (In much the same way that a physical house key is "just" a chunk of metal with some grooves and notches cut in it.) If you generated an RSA key pair, discarded the public key, and published the private key, it wouldn't be intrinsically dangerous, since that private key doesn't technically authenticate you to anything.

Still, if you're in the habit of publishing ssh private keys, it opens the possibility that at some point you'll publish a "real" key in your "normal" process, and that would be bad. I'd suggest that's not actually a best practice and you should treat every private key as though it had root permissions on your servers.

(This has nothing at all to do with Docker, except that if you ssh-keygen inside a container, it will usually live in the container-private filesystem and it will be a little harder to leak.)

share|improve this answer

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55331958%2fis-it-safe-to-use-ssh-keys-generated-inside-of-docker-as-fake-ssh-keys%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

I would argue that it's a dangerous practice in general, but as you've described the problem, the specific instance won't cause security issues.

An ssh RSA key is "just" a couple of numbers plus a comment string. (In much the same way that a physical house key is "just" a chunk of metal with some grooves and notches cut in it.) If you generated an RSA key pair, discarded the public key, and published the private key, it wouldn't be intrinsically dangerous, since that private key doesn't technically authenticate you to anything.

Still, if you're in the habit of publishing ssh private keys, it opens the possibility that at some point you'll publish a "real" key in your "normal" process, and that would be bad. I'd suggest that's not actually a best practice and you should treat every private key as though it had root permissions on your servers.

(This has nothing at all to do with Docker, except that if you ssh-keygen inside a container, it will usually live in the container-private filesystem and it will be a little harder to leak.)

share|improve this answer

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

add a comment | 

1

I would argue that it's a dangerous practice in general, but as you've described the problem, the specific instance won't cause security issues.

An ssh RSA key is "just" a couple of numbers plus a comment string. (In much the same way that a physical house key is "just" a chunk of metal with some grooves and notches cut in it.) If you generated an RSA key pair, discarded the public key, and published the private key, it wouldn't be intrinsically dangerous, since that private key doesn't technically authenticate you to anything.

Still, if you're in the habit of publishing ssh private keys, it opens the possibility that at some point you'll publish a "real" key in your "normal" process, and that would be bad. I'd suggest that's not actually a best practice and you should treat every private key as though it had root permissions on your servers.

(This has nothing at all to do with Docker, except that if you ssh-keygen inside a container, it will usually live in the container-private filesystem and it will be a little harder to leak.)

share|improve this answer

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

add a comment | 

I would argue that it's a dangerous practice in general, but as you've described the problem, the specific instance won't cause security issues.

An ssh RSA key is "just" a couple of numbers plus a comment string. (In much the same way that a physical house key is "just" a chunk of metal with some grooves and notches cut in it.) If you generated an RSA key pair, discarded the public key, and published the private key, it wouldn't be intrinsically dangerous, since that private key doesn't technically authenticate you to anything.

Still, if you're in the habit of publishing ssh private keys, it opens the possibility that at some point you'll publish a "real" key in your "normal" process, and that would be bad. I'd suggest that's not actually a best practice and you should treat every private key as though it had root permissions on your servers.

(This has nothing at all to do with Docker, except that if you ssh-keygen inside a container, it will usually live in the container-private filesystem and it will be a little harder to leak.)

share|improve this answer

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

share|improve this answer

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733

answered Mar 25 at 11:09

David MazeDavid Maze

19.4k31733