Is there a safe way use a private key from a shared server?

Considering your explanation:

I'm not worried about them seeing the contents of my GitHub repository - I'm concerned about them being about to use the private key to impersonate me and wipe our repo or clone other private repositories that aren't already copied onto the server.

You may consider using GitHub feature called read-only deploy key.

In a non-hostile environment you can use SSH agent forwarding, which lets you use the key on your client machine without the need to save it on a springboard server, but this method is exploitable by administrators.

If the machine you use as a springboard is controlled by a malicious admin, there is no way you can fully protect your key or your GitHub account.

Please mind that whatever method of protecting the key you use, the git command (which you might legitimately execute and authorise) could be replaced with a one doing harm.


As has been suggested, using a read-only deploy key is likely to be a useful approach, and I believe this is the most common solution.

If you use a key on your school's server which has read/write access to github, you can still make it a key which you don't use for anything other than that one repository, which limits its potential for abuse.

Alternatively (and better), here are two approaches which avoid the problems that are inherent in running the git client on your untrusted server:

  1. At the expense of more network traffic and delays, you could also do all of the git/ssh stuff from your workstation, while mounting the git repository files from the school server, onto your workstation, eg using sshfs. It's quite workable if you are close to the server you are working on, and requires an absolute minimum of complexity in setup.

  2. You could configure your school server's copy as another git repository, which you'd access over ssh. You'd set the copy on your laptop to have two remotes, so you push and pull to/from github as usual, and you only ever push to your school. Used like this, git is a very lightweight deployment protocol - probably lighter than rsync even, since it doesn't need to scan the whole file tree for changes. This would be my preferred approach so long as turning the school's copy into a git repository is not a problem, which probably also depends who else is working on it.

Tags:

Git

Ssh

Openssh

Related

Does the use of a smartphone's Secure Element really offer security benefits to a banking app? Who is responsible for revoking a certificate? What website accepts only TLS 1.2 so I can verify client capability? Access-control-allow-origin: * with a bearer token How to see when a HSTS domain is about to expire? DGA (Domain Generation Algorithm) - malwares Is the injection in a NoSQL database architecture also called SQL injection? Why is DARPA interested in secure messaging platform using blockchain technology? Check fingerprint for own self signed SSL certificate What should I do about Gmail ad asking me for password? Why do web sites show my iPhone using different IP addresses for HTTP and HTTPS (cellular only)? What is the use of TPM-based Bitlocker if the drive gets decrypted automatically?

Recent Posts