Wouldn't this give Facebook indirect control over your server? If Facebook wanted to they could just ban your account. Or change your password. Also it is far more likely that a hacker is going to gain access to your Facebook account over well protected SSH.

In this specific case, yes. But this is a specific, fun, "try out a server" thing.

In "real life" you can setup SSH to fall back to other methods. See the howtos for setting up 2-Factor Auth[1] for example.

[1] https://www.digitalocean.com/community/tutorials/how-to-set-...

I think the idea is that you would use their service to specify the authentication method, and they would provide the ability to log in via that specification. They aren't forcing you to use FB; it is merely a demo of one of many authentication methods they'd be able to let you choose from:

> an experiment where you can share your servers with your friends by using Facebook as the authentication mechanism. It’s a quick way to show how versatile the ScaleFT authentication platform can be: Give us a reliable authentication mechanism, and we can log you into a server with it.

Still. The idea that it is a service means that you are still handing over indirect control.

Hey, one of the founders of ScaleFT here.

You're absolutely right that when you're using ScaleFT you're trusting both us (as operators of the CA) and your identity provider (in this case Facebook, but we have a bunch of other options more suitable for most businesses).

Handing over control isn't necessarily a bad thing. For example, I trust Google to operate a secure and reliable email service much more than I trust myself, leaving me to focus on my area of expertise. But trust is a complex thing and there are certainly situations where handing control to any third party is unacceptable.

For organizations that require complete control we can integrate with any SAML or OpenID Connect identity system, and we offer an on-premise version of ScaleFT.

> I trust Google to operate a secure and reliable email service much more than I trust myself

Hopefully, Google would soon integrate features that let it auto-reply to your incoming messages. It can be trusted more, after all.

> I trust Google to operate a secure and reliable email service much more than I trust myself

This sentence has got nothing to do with trust. You believe (maybe rightly so) that Gmail is more secure and reliable than any solution that can be cobbled-up individually.

Simply replacing "believe" with "trust" doesn't really mean the same though. English is a funny language. But then again that's what you probably meant when you said "Trust is a complex thing". Hmmmm... :)

Tell me when the opposite happens, when I can use a key pair to login to Facebook.

and still have them ask for your phone number! . I'd also love if you could log in to Messages with a key pair

This sounds like a horrible idea.

This is yet another neat mechanism of giving up control. By using Google/Chrome, you inform Google of pretty much what you're doing. Now the same thing is being extended to ssh.

I think [1] is a better link, which actually explains how it works.

[1] https://coreos.com/blog/international-friendship-day.html

I'd downvote this if I had the points. It's anti-security to trust your SSH login to anyone.

You've got to be kidding me.

Facebook: All your servers are belong to us.

If this becomes popular, I will build a new internet.

Someone is even beating me to it. [1]

[1] https://news.ycombinator.com/item?id=12256866