Given recent events in the linux-y world I think it might do us a
service to impose an ssh-key, user cert and password enforced change
The idea would be everyone would be required to change their passwords,
ssh keys and any user certs they have before being allowed to do
anything else on our systems.
Anyone failing to change them would be locked out after a specific
In particular I would like to make sure that ssh keys get changed - so
much so that I would want to keep a copy of the existing ssh keys and
verify that the new one does not match the old one before allowing it to
I'd like to discuss the efficacy and timing of this. If anyone has
perspective that is helpful, please share it.
I think this should be done soon, personally.