Re: More detail is needed
I'm guessing that the people stupid enough to upload their private keys are the kind of people that had their keygen process go like this:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/dummy/.ssh/id_rsa): <enter>
Created directory '/Users/dummy/.ssh'.
Enter passphrase (empty for no passphrase): <enter>
Enter same passphrase again: <enter>
Your identification has been saved in /Users/dummy/.ssh/id_rsa.
Your public key has been saved in /Users/dummy/.ssh/id_rsa.pub.
The key fingerprint is:
c3:bb:2a:59:a6:3f:2e:12:e3:4f:36:ca:e9:c2:75:e0 dummy@antares.local
This is one of the widespread bad practices that is sometimes encouraged by some devs. Ditto with having unpassworded MySQL access under the guise of "well, nobody from the outside will ever get access to the box".