Proposal for action: SSH Key, User Cert and Password Flag Day

seth vidal skvidal at
Mon Sep 12 15:02:01 UTC 2011

Given recent events in the linux-y world I think it might do us a
service to impose an ssh-key, user cert and password enforced change
flag day.

The idea would be everyone would be required to change their passwords,
ssh keys and any user certs they have before being allowed to do
anything else on our systems.

Anyone failing to change them would be locked out after a specific

In particular I would like to make sure that ssh keys get changed - so
much so that I would want to keep a copy of the existing ssh keys and
verify that the new one does not match the old one before allowing it to
be used.

I'd like to discuss the efficacy and timing of this. If anyone has
perspective that is helpful, please share it.

I think this should be done soon, personally.
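
An added example, not part of the original message: one way the "new key must not match the old one" check could be done, by comparing the decoded key blob instead of the text line, so that a changed comment or options prefix does not make an old key look new. The function names, the SHA256 fingerprint choice and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def key_blob(line):
    """Decode the key blob from a .pub or authorized_keys line."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok not in KEY_TYPES:
            continue  # options prefix or other leading text
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        # A real blob begins with a length-prefixed copy of the key type.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == tok.encode():
                return blob
    raise ValueError("no valid public key found in line")


def fingerprint(line):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def is_reused(new_line, archived_lines):
    """True if the submitted key is one of the archived pre-flag-day keys."""
    return fingerprint(new_line) in {fingerprint(l) for l in archived_lines}


def make_line(raw32, comment, options=""):
    """Build a constructed ssh-ed25519 line (sample data, not a real key)."""
    parts = (b"ssh-ed25519", raw32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{options} ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()


ARCHIVED = [make_line(b"\x01" * 32, "user@laptop")]
SAME_KEY_RELABELED = make_line(b"\x01" * 32, "new-key-2011", 'from="10.0.0.0/8"')
FRESH_KEY = make_line(b"\x02" * 32, "user@laptop")

if __name__ == "__main__":
    print(is_reused(SAME_KEY_RELABELED, ARCHIVED))  # True
    print(is_reused(FRESH_KEY, ARCHIVED))           # False
```

Only fingerprints of the old public keys need to be archived for this check, and a submission that fails to parse is rejected instead of being treated as new.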

