Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
simo at redhat.com
Wed Oct 12 18:40:46 UTC 2011
On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote:
> > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
> >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
> >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
> >> >> > On 12 October 2011 17:44, Kevin Fenzi <kevin at scrye.com> wrote:
> >> >> > > All existing users of the Fedora Account System (FAS) at
> >> >> > > https://admin.fedoraproject.org/accounts are required to change
> >> >> their
> >> >> > > password and upload a NEW ssh public key before 2011-11-30.
> >> >> >
> >> >> > I have to upload a *new* public key? Why should I have two sets of
> >> >> keys?
> >> >>
> >> >> Meant 'replacement'. You can only have one key in FAS, afaict.
> >> >
> >> >
> >> > You can have more than one. Just paste them in place all together.
> >> >
> >> >
> >> > And we're verifying key changes by checking the fingerprint of the
> >> > pubkeys vs your prior ones.
> >> It's really not a huge hassle. I've already done it. I configured the
> >> .ssh/config files where I needed to, and it doesn't conflict with any
> >> other keys I have. I don't get what the big deal is. The disruption
> >> is,
> >> like, five minutes of work. The potential benefit is unknown, but
> >> certainly not zero.
> >> Why wait for a breach to do this? This is a perfect time. Doing it
> >> after the 2008 breach was wise. This is better.
> > A breach won't compromise my actual keys even if it happened now or a
> > year ago.
> Unless the breach alters a package that gets pushed to your machine and
> snarfs your keys. </devilsadvocate>
That's possible, at which point I will have to change all my keys.
But unless the machine is reinstalled first, it will make no difference,
new keys will be snarfed again as soon as they are created.
> > Plus there are limitations on how many keys (and passpharases I can
> > remember, especially for stuff I use less often).
By rule ssh and gpg keys passphrases exist only in my memory.
No chance of writing them down.
> > Plus there are limitation about how many keys ssh/ssh-agent can use
> > before failing to log you in no matter what.
> If your client config knows what key to use for what host, and you know
> the password, I fail to see the problem. Plus, you could have multiple
> keys, all with the same passphrase, for different things, should you so
Using the same passphrase for different keys is the same as using the
same password for different websites. If I am protecting the keys the
same way I can as well use the same keys everywhere, unless projects set
up insane rules about how to handle my own keys.
Simo Sorce * Red Hat, Inc * New York
More information about the devel