Greetings. Here's what I have so far on an announcement for the mass password change/ssh key change. Suggestions for improvement very welcome. In particular more resources we could point people to, or common questions you think people will come up with that we could answer would be great. Also, we need to decide what exactly we do to accounts that fail to meet the deadline. Are we just marking them inactive? Do we have any way to force them to change the password and upload a new key if they reactivate the account? kevin -- DRAFT DRAFT DRAFT Subject: IMPORTANT: Manditory password and ssh key change by 2011-11-30 Summary: All existing users of the Fedora Account System (FAS) at https://admin.fedoraproject.org/accounts are required to change their password and upload a NEW ssh public key by 2011-11-30. Failure to do so may result in your account being marked inactive. Backgound and reasoning: This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure, rather we feel that due to the large number of high profile sites with security breaches in recent months that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to increase their entropy and make them less guessable. New Password Rules: * Nine or more characters with lower and upper case letters, digits and punctuation marks. * Ten or more characters with lower and upper case letters and digits. * Twelve or more characters with lower case letters and digits * Twenty or more characters with all lower case letters. * No maximum length. Some Do's and Don'ts: * NEVER store your ssh private key on a shared or public system. * ALWAYS use a strong passphrase on your ssh key. * if you must store passwords, use a application specifically for this purpose like revelation, gnome-keyring, seahorse, or keepassx. * Regularly apply your OSes security related updates. * Only use ssh agent forwarding when needed ( .ssh/config: "ForwardAgent no") * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: "VerifyHostKeyDNS yes") * DO consider a seperate ssh key for Fedora Infrastructure. * Work with and use security features like SELinux and iptables. * Review the Community Standard Infrastructure security document (link below) Q&A: Q: My password and ssh private key are fine and secure! Can't I just skip this change? A: No. We very much hope everyone's password and ssh keys are fine, but we would like everyone to take this chance to review security and change things. In the event of a triggering event everyone will know the process. Q: Can I just change my password and re-upload my same ssh public key? Or upload a bogus ssh public key and then re-upload my old one? A: No. We will be checking to ensure that your ssh public key is different from your old one. Q: This is a hassle. How often is this going to happen? A: The last mass password change in Fedora was more than 3 years ago. Absent a triggering event, these mass changes will be infrequent. More reading: http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/ https://fedoraproject.org/wiki/Infrastructure_mass_password_update
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
