On Fri, Aug 22, 2014 at 12:49:59PM -0600, Kevin Fenzi wrote:
> I think it would be nice to explore making our dist-git more secure.

Since access to dist-git (e.g. ssh keys) is managed via FAS, initially FAS should require 2FA if you require 2FA for other services. This might already be a problem for current sudo 2FA if someone can just change the 2FA token using only the FAS password. I am not familiar enough with the internals of Fedora's 2FA.

> I guess the highest level here would be just to require ssh key and
> 2factor auth to push dist-git commits. That might really annoy
> maintainers that push lots of commits though.

For this, SSH connection multiplexing might ease things, where you 2FA authenticate the initial connection and are allowed to push to repos as long as the initial connection is open. So it is not just an IP that is whitelisted (which might be accessible to multiple users, e.g. at conferences) but the connection.

Regards
Till
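
A client-side sketch of the connection multiplexing suggested in the message above, as an added example that is not part of the original e-mail or of Fedora's configuration. The host name dist-git.example.org is a placeholder, and it assumes the server demands the key plus second factor once per new SSH connection.

```sshconfig
# Added example; dist-git.example.org is a placeholder host name.
Host dist-git.example.org
    # The first ssh/git connection becomes the master and performs the
    # full authentication (ssh key + second factor). Later pushes open
    # new sessions over that same connection without re-authenticating.
    ControlMaster auto

    # Control socket for the master connection. Keep it in a directory
    # only the user can read (~/.ssh, mode 0700): any local process that
    # can open this socket can use the already-authenticated connection.
    ControlPath ~/.ssh/cm-%C

    # Keep the master open in the background, but close it after 10
    # minutes with no active session, so the next push needs a fresh
    # key + second-factor authentication.
    ControlPersist 10m
```

`ssh -O check dist-git.example.org` reports whether a master connection is currently open, and `ssh -O exit dist-git.example.org` closes it explicitly, for example before leaving a shared machine.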