Not only generating private keys using an untrusted third-party, but sending them in the clear over http? Nice. I wonder where all these people are who are clever enough to need an SSH key, but too stupid to type ssh-keygen -t dsa?

I wouldn’t be surprised if this was some minor social engineering attempt; the server owner has access to the IPs as well as SSH keys, so it would be simple for h(im|er) to attack that IP by trying to log in with the SSH key he generated from it.

Next up: enter all your personal information to create 1 unique hash to identify yourself anywhere in the world.

Filed under: pwned, security, ugh