bug: release ssh keys after delete accounts
did:plc:rlkxmeu3fevpzevkduvphfet opened this 8d ago 1 comments
did:plc:rlkxmeu3fevpzevkduvphfet opened 8d ago
Maybe also related to https://tangled.org/tangled.org/core/issues/257 there is a comment where same thing happened. I think the ssh keys needs a bit of care.
Since not every key are disposable (I use a gpg smartcard, having same ssh pub key for years) after delete the account the ssh key still active and prevents me to use it within another account, still trying to authenticate as the deleted account.
How to reproduce:
- Make an account (lets say
did:plc:123) 1.1. Add an ssh pub key 1.2. Test it / auth / validate:
ssh -T git@tangled.org
Hi @did:plc:123 ...- Delete that account (for some reason,you figured you already have a handler from bsky and you dont need a duplicated account) 2.1. Try to auth using ssh after having account deleted:
ssh -T git@tangled.org
Hi @did:plc:123 ...I assume this shouldnt work, we should release/delete everything that was associate to the deleted account
- Make a new one or login using atproto (lets say
did:plc:456) 3.1. Add the same ssh pub key (it can be added just fine) 3.2. Test it / auth / validate:
ssh -T git@tangled.org
Hi @did:plc:123 ... I expect to see did:plc:456
No activity yet.