
The Key-Only SSH That Wasn't
My own CLAUDE.md said the fleet was key-only SSH. Seven of the boxes disagreed. A self-audit of documentation against reality turned up passwords in git, credentials in the wrong file, and a security posture I’d been asserting instead of enforcing.