Skip to Content [alt-c]


In reply to whoarethey: Determine Who Can Log In to an SSH Server

Reader Samuel BF on 2023-01-11 at 23:08:

2 remarks for OSINT hackers :

- gitlab also lists public keys of users ( ). It can make the database more comprehensive and may reveal matching between accounts on several platforms (de-anonymisation). I have not searched other forges.

- for GPG-backed SSH keys, you can retrieve SSH public key with --generate-ssh-key ( ). Now, you have email addresses in your database.

All in all, these API represent a significant leak of PII !


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.