Re: ssh private keys on our systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



i'm an Infra n00b, but definitely +1 out of good practice.

On Thu, Sep 29, 2011 at 3:21 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
> On Thu, 2011-09-29 at 15:16 -0400, seth vidal wrote:
>> Hi,
>>
>> I'd like to put a new policy in place which goes something like this:
>>
>> If you upload your private keys (encrypted or not) we will remove them,
>> then we will remove your public keys from FAS and force you to login and
>> give a new one in FAS.
>>
>> We do the last step on the basis that your private key, being on a
>> networked, multi-user machine is now exposed to the world and
>> potentially compromised. So we can no longer trust it.
>>
>> thoughts?
>
> +1
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk6Ex0sACgkQJpuv2DHZ/HrNyACgl9OgeUdU7SLMkGyWjhrL1Et2
1EoAn1yTmWyFWJ2NIQBl0xDIMO4VbZ+X
=xdYy
-----END PGP SIGNATURE-----
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux