Change in allowed-files policy on all fedora-maintained hosts

seth vidal skvidal at fedoraproject.org
Fri Sep 30 04:17:16 UTC 2011


In an ongoing effort to improve our security we have decided to disallow
any ssh private keys from being housed on any fedora-maintained system.
No user should have ever needed to upload an ssh private key; the public
keys are, of course, just fine and required. However, on the off-chance
that someone has done this, we'll be performing audits of user homedirs
looking for ssh private keys.

If we find them we'll remove them and then remove the owning-user's ssh
public key from the Fedora Account System (FAS), forcing them to upload
a new one. We're taking this additional step to make sure that the
public key in FAS is not vulnerable due to their private key being
potentially exposed on a shared system.

You can refer to the allowable content section of the fedorapeople faq.
https://fedoraproject.org/wiki/Infrastructure/fedorapeople.org#Allowable_content

These rules (and more) apply to our administrative systems and home
directories.

Thank You,
Fedora Infrastructure Team





