Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Henrik Nordström henrik at
Wed Oct 12 20:12:54 UTC 2011

On Wed 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote:

> If you can't change your token, then I would posit you have a problem.
> What if you KNEW your private key was compromised? Surely there is a
> way to generate a new one... 

I can change it, but it means changing it for all systems I access using
that SSH token, not only Fedora. And as hard token keys are not easily
compromised without the token as such being stolen it's not something
you normally do.

A compromise of the hard token key without the token as such being
stolen together with the access code would require a bruteforce of the
RSA key in question.

> Please feel free to jump in and help code such changes. :) 
> We are an open source infrastructure and I'm sure patches and ideas even
> would be welcome. 

Point taken. And something I have been considering many times but not gotten
the whole way to doing. Getting there is quite far away for someone not
already working on the infrastructure.

The tools needed already exist. The question is how to get the
infrastructure to use them.

> > But even then, the security of Fedora accounts is no stronger than the
> > security of the email associated with an account. Quite pointless to
> > try to bolster the security very high when all that is needed to take
> > over a standard Fedora account is to have access to the email
> > (account or traffic) of the Fedora account. Sure, a full account
> > takeover is more likely to get noticed than a stolen password, but it
> > still sets the level of expected security.
> Yeah, ideally we would do more here with gpg. 

Yes. Once there is a GPG or SSH key installed in the FAS account then
those should take preference over the email as "account owner key", and
resetting the account should not be possible with a plain text email
alone. If the GPG and SSH keys are both lost then administrator action
should be needed to reset the account and verify credibility of the
account owner.


