Description
The eight publicly-served sections under `/docs/{section}` at hydraneck.experiencenet.com include operator-style commands that reveal SSH usernames per host:
- `ssh root@hydraneck.experiencenet.com ...`
- `ssh ubuntu@hydraguard.experiencenet.com ...`
Leaks today were minimized in v0.9.29 (literal IPs replaced with DNS names) but the usernames are still exposed. Not a credential leak — SSH brute force still needs actual credentials — but it does eliminate user-enumeration as a step for any attacker probing the perimeter.
## Options
1. **Split docs by audience**: partner-facing (no operator commands) and operator-facing (private). Keeps the value of the operator commands but removes them from the public surface. Higher effort.
2. **Generic placeholders**: rewrite operator commands as `ssh <operator>@<host> ...` with a note that operators have their own SSH config. Low effort, less useful.
3. **Leave it**: industry-standard practice for public ops docs. Lowest effort.
User triaged today as `ok for now` (2026-05-11 conversation, hydraneck v0.9.29 deploy). Filed for tracking; revisit later if posture tightens.