Scenario #277
Security
Kubernetes v1.20, On-Prem

Container With Hardcoded SSH Keys

A base image included hardcoded SSH keys, which allowed attackers lateral access between environments.

What Happened

A developer reused a base image with an embedded SSH private key. This key was used across environments and eventually leaked.

Diagnosis Steps
  1. Analyzed image layers with Trivy.
  2. Found hardcoded private key in /root/.ssh/id_rsa.
  3. Tested and confirmed it allowed access to multiple systems.
Root Cause

Insecure base image with sensitive files included.

Fix/Workaround
• Rebuilt images without sensitive content.
• Rotated all affected SSH keys.
Lessons Learned

Never embed sensitive credentials in container images.

How to Avoid
  1. Scan images before use.
  2. Use multistage builds to exclude dev artifacts.
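
The layer analysis from the diagnosis steps, as an added example in Python (not Trivy's implementation and not code from the original page): it scans every layer of an image for PEM private key headers and shows that a key added in one layer is still recoverable after a later layer deletes it. The layers, the placeholder key and the function names `make_layer` and `scan_layers` are constructed for illustration.

```python
import io
import re
import tarfile

# PEM headers used by OpenSSH, PKCS#1, PKCS#8 and EC private keys.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")


def make_layer(files):
    """Build one constructed layer tarball (bytes) from {path: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def scan_layers(layers):
    """Return (layer_index, path) for every file holding a private key header."""
    findings = []
    for index, layer in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                # Key headers sit at the start of the file; 64 KiB is ample.
                data = tar.extractfile(member).read(64 * 1024)
                if PRIVATE_KEY_RE.search(data):
                    findings.append((index, member.name))
    return findings


# Constructed sample: the key body is a placeholder, not real key material.
FAKE_KEY = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
            b"CONSTRUCTED-PLACEHOLDER\n"
            b"-----END OPENSSH PRIVATE KEY-----\n")
LAYERS = [
    make_layer({"etc/os-release": b"ID=example\n"}),
    make_layer({"root/.ssh/id_rsa": FAKE_KEY}),   # key added in this layer
    make_layer({"root/.ssh/.wh.id_rsa": b""}),    # later delete = whiteout entry
]

if __name__ == "__main__":
    for index, path in scan_layers(LAYERS):
        print(f"layer {index}: private key in /{path}")
```

The whiteout in the last layer hides the file in the running container, but the earlier layer still ships the key, which is why the fix is a rebuild (for example a multistage build that copies only the needed files) plus key rotation.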