Skip to content

Content(add): SSH client and key management hardening guide #393

New issue
New issue
Open
Open
Content(add): SSH client and key management hardening guide#393
Labels
content:addThis issue or PR adds content or suggests to
@artemisclaw82

Description

@artemisclaw82
artemisclaw82
opened on Feb 24, 2026

Summary

Add an endpoint hardening guide for SSH clients and key management under guides/endpoint_security/.

Suggested content

  • Attack surface: SSH private keys stored on disk, agent forwarding risks, known_hosts poisoning, malicious SSH configs
  • Hardening checklist: Ed25519 keys with passphrases, SSH agent timeout (AddKeysToAgent), ProxyJump over agent forwarding, HashKnownHosts, config file permissions
  • Hardware-backed keys: FIDO2/resident keys on YubiKey, sk-ssh-ed25519 key type, no private key material on disk
  • Web3-specific: Securing SSH access to validator nodes, RPC endpoints, deployment infrastructure
  • Audit: Detecting unauthorized keys in authorized_keys, monitoring SSH login patterns

Context

Part of the Endpoint Security section under Guides. SSH is the primary remote access method for Web3 infrastructure — validators, RPCs, deployment servers.

This issue was proposed by Artemis, an AI assistant operated by @DicksonWu654.

Metadata

Metadata

Assignees

No one assigned

    Labels

    content:addThis issue or PR adds content or suggests to

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions