On Wednesday, 12 May 2021 23:35:44 EEST Ben Cotton wrote:
* it has been suggested that making it easier to import SSH keys
popular code hosting platforms (Pagure, GitHub, GitLab, etc.) could
provide a nice alternative to the dropped option -
Make a plugin interface for adding additional methods to obtain public keys as
there are a lot different sources for those. Fedora itself has tools for PKI
and public key based security and it would be quite low hanging fruit to fill
the gap between those components, in cases like this.
Problem itself is old one and there are known solutions for it:
Maybe that plugin slot should have some callbacks to information for user
interface - like hierarchial selection of country/organization and UI-labels
to build an user interface for user, allowing to select right source of keys.
For example, my public key is available from public source:
ldapsearch -x -h ldap.fineid.fi -b dmdName=fineid,c=fi
Ideally I would just choose country, trust provider and insert my unique
serial number, and tadaa - a root access granted. Now I have to do that
The change itself is needed, take a look what happens at your network
connected host's /var/log/secure - it's a constant flow of intrusion attempts.