ssh private keys on our systems
seth vidal
skvidal at fedoraproject.org
Thu Sep 29 19:16:03 UTC 2011
Hi,
I'd like to put a new policy in place which goes something like this:
If you upload your private keys (encrypted or not) we will remove them,
then we will remove your public keys from FAS and force you to login and
give a new one in FAS.
We do the last step on the basis that your private key, being on a
networked, multi-user machine is now exposed to the world and
potentially compromised. So we can no longer trust it.
thoughts?
Thanks,
-sv
More information about the infrastructure
mailing list