Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Jon Ciesla limb at jcomserv.net
Wed Oct 12 18:57:41 UTC 2011


> On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote:
>> > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
>> >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
>> >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
>> >> >> > On 12 October 2011 17:44, Kevin Fenzi <kevin at scrye.com> wrote:
>> >> >> > > All existing users of the Fedora Account System (FAS) at
>> >> >> > > https://admin.fedoraproject.org/accounts are required to change their
>> >> >> > > password and upload a NEW ssh public key before 2011-11-30.
>> >> >> >
>> >> >> > I have to upload a *new* public key? Why should I have two sets of
>> >> >> > keys?
>> >> >>
>> >> >> Meant 'replacement'. You can only have one key in FAS, afaict.
>> >> >
>> >> >
>> >> > You can have more than one. Just paste them in place all together.
>> >> >
>> >> >
>> >> > And we're verifying key changes by checking the fingerprint of the
>> >> > pubkeys vs your prior ones.
>> >>
>> >> It's really not a huge hassle.  I've already done it.  I configured the
>> >> .ssh/config files where I needed to, and it doesn't conflict with any
>> >> other keys I have.  I don't get what the big deal is.  The disruption is,
>> >> like, five minutes of work.  The potential benefit is unknown, but
>> >> certainly not zero.
>> >>
>> >> Why wait for a breach to do this?   This is a perfect time.  Doing it
>> >> after the 2008 breach was wise.  This is better.
>> >
>> > A breach won't compromise my actual keys even if it happened now or a
>> > year ago.
>>
>> Unless the breach alters a package that gets pushed to your machine and
>> snarfs your keys.  </devilsadvocate>
>
> That's possible, at which point I will have to change all my keys.
> But unless the machine is reinstalled first, it will make no difference,
> new keys will be snarfed again as soon as they are created.
>
>> > Plus there are limitations on how many keys (and passphrases I can
>> > remember, especially for stuff I use less often).
>>
>> keepassx.
>
> By rule ssh and gpg key passphrases exist only in my memory.
> No chance of writing them down.
>
>> > Plus there are limitations about how many keys ssh/ssh-agent can use
>> > before failing to log you in no matter what.
>>
>> If your client config knows what key to use for what host, and you know
>> the password, I fail to see the problem.  Plus, you could have multiple
>> keys, all with the same passphrase, for different things, should you so
>> desire.
>
> Using the same passphrase for different keys is the same as using the
> same password for different websites. If I am protecting the keys the
> same way I can as well use the same keys everywhere, unless projects set
> up insane rules about how to handle my own keys.

I wasn't suggesting it was a good idea, I was suggesting that it was a
tradeoff one could make in favor of convenience.  I don't, personally.

-J

> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie
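
The fingerprint check mentioned in the quoted thread (comparing newly uploaded public keys against the prior ones, with several keys pasted into one field), as an added example that is not part of the original message and not FAS code. It assumes each line has the plain `type base64 comment` form with no options prefix, uses the SHA256 fingerprint format of current OpenSSH, and builds its sample keys from constructed bytes; `make_sample_key` and `reused_keys` are hypothetical names.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def make_sample_key(seed: bytes, comment: str) -> str:
    """Build a CONSTRUCTED ssh-ed25519 public key line (no real key pair)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for the key
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of one public key line, as `ssh-keygen -l` prints it."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1], validate=True)
    # The key type stored inside the blob must match the declared type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[0]:
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def reused_keys(prior_field: str, new_field: str) -> list:
    """Fingerprints in the new upload that were already present before."""
    def fps(field):
        return {fingerprint(line) for line in field.splitlines()
                if line.strip() and not line.startswith("#")}
    return sorted(fps(prior_field) & fps(new_field))


if __name__ == "__main__":
    old = make_sample_key(b"old-laptop", "me@old")
    new = make_sample_key(b"new-laptop", "me@new")
    # The comment is not part of the fingerprint, so relabelling the old
    # key and pasting it next to a new one is still detected as reuse.
    upload = new + "\n" + old.replace("me@old", "renamed")
    print("reused:", reused_keys(old, upload))
```
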