How would they get my private key? I mean if they already have access to my private key on my computer then I have much bigger problems than them having access to the anyway public git repos.
Perhaps I’m misunderstanding the thread model you have, but isn’t ssh the standard way of accessing git repos because it is so much more secure compared to a username and password?
They can impersonate you and push code into the repos in your name with a high likelyhood of you not noticing it.
The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.
There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.
If you want to actually increase your security then you need to set up a second factor auth with a seperate device.
How would they get my private key? I mean if they already have access to my private key on my computer then I have much bigger problems than them having access to the anyway public git repos.
Perhaps I’m misunderstanding the thread model you have, but isn’t ssh the standard way of accessing git repos because it is so much more secure compared to a username and password?
They can impersonate you and push code into the repos in your name with a high likelyhood of you not noticing it.
The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.
There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.
If you want to actually increase your security then you need to set up a second factor auth with a seperate device.