Take care of your SSH identities
Did you know that your ssh Client sends the server all your public keys, one by one, until the server accepts one, when you try to authenticate via public key?
Don't believe me? Try it out yourself:
ssh whoami.filippo.io
Someone could use this to find out which public keys you have installed on your Client. You don't what this, don't you? So how can we avoid the leak of our Clients Public Keys? There is an easy fix, just add this at the end of your ~/.ssh/config
file:
Host *
PubkeyAuthentication no
IdentitiesOnly yes
Also make sure you don't use just one key for all connections. I hope don't use one password for all your logins - so why should you use one key for all your logins?
It is recommended to use one specific key for each host:
Host github.com
PubkeyAuthentication yes
IdentityFile ~/.ssh/github_id_ed25519