The www-data SSH key used by the webhook server to call AI services is a production credential. Compromise of that key means an attacker can call your AI services, potentially exfiltrate conversation data, or use your resources for unintended purposes.
Key Analysis
Broad SSH key authorization — where one key has access to everything the user can access — violates the principle of least privilege.
Per-service keys with minimum required permissions reduce blast radius: a compromised Kokoro service key cannot access Whisper or Ollama.
Detecting unauthorized SSH key additions is critical: an attacker who gains write access to ~/.ssh/authorized_keys can maintain persistent access even after the original vulnerability is patched.
Risk Signals
A single www-data SSH key with write access to all AI service directories.
No process for rotating SSH keys after personnel changes or suspected compromise.
No monitoring of authorized_keys files for unauthorized additions.
Action Items
Create per-service SSH keys with the minimum required permissions for each service.
Implement authorized_keys monitoring: alert on any addition or modification to authorized_keys files.
Establish a key rotation schedule (minimum: annually, or immediately after any personnel change).