Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
.ssh/id_dsa
OpenSSH DSA private key file (legacy)
What an attacker could do
This legacy DSA private key allows SSH impersonation of its owner where the public key is authorized; DSA's weak 1024-bit keys are also more susceptible to cryptographic attack, compounding the risk.
How to defend it
Remove DSA keys from any web-accessible path, migrate off DSA to Ed25519 or RSA, revoke the exposed key from all authorized_keys files, and enforce strict key file permissions.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation