Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30


> On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
>> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
>> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
>> >> > On 12 October 2011 17:44, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
>> >> > > All existing users of the Fedora Account System (FAS) at
>> >> > > https://admin.fedoraproject.org/accounts are required to change their
>> >> > > password and upload a NEW ssh public key before 2011-11-30.
>> >> >
>> >> > I have to upload a *new* public key? Why should I have two sets of keys?
>> >>
>> >> Meant 'replacement'. You can only have one key in FAS, afaict.
>> >
>> >
>> > You can have more than one. Just paste them in place all together.
>> >
>> >
>> > And we're verifying key changes by checking the fingerprint of the
>> > pubkeys vs your prior ones.
>>
>> It's really not a huge hassle.  I've already done it.  I configured the
>> .ssh/config files where I needed to, and it doesn't conflict with any
>> other keys I have.  I don't get what the big deal is.  The disruption is,
>> like, five minutes of work.  The potential benefit is unknown, but
>> certainly not zero.
>>
>> Why wait for a breach to do this?   This is a perfect time.  Doing it
>> after the 2008 breach was wise.  This is better.
>
> A breach won't compromise my actual keys even if it happened now or a
> year ago.

Unless the breach alters a package that gets pushed to your machine and
snarfs your keys.  </devilsadvocate>

> Plus there are limitations on how many keys (and passphrases I can
> remember, especially for stuff I use less often).

keepassx.

> Plus there are limitations on how many keys ssh/ssh-agent can use
> before failing to log you in no matter what.

If your client config knows what key to use for what host, and you know
the password, I fail to see the problem.  Plus, you could have multiple
keys, all with the same passphrase, for different things, should you so
desire.

> Compound all this.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
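
The fingerprint comparison mentioned in the thread ("checking the fingerprint of the pubkeys vs your prior ones"), sketched as an added example that is not part of the original messages and is not FAS code. It assumes keys are pasted one per line as `type base64 [comment]` and uses the SHA256 fingerprint format that current `ssh-keygen -l` prints; the thread does not say how FAS computes fingerprints, and all function names and sample keys here are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def make_sample_pubkey(seed: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 line for the demo; the 32 key bytes are a hash, not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(line: str) -> str:
    """SHA256 fingerprint of a 'type base64 [comment]' line; the comment is ignored."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def reused_fingerprints(prior_keys: str, submitted_keys: str) -> list:
    """Fingerprints in the submission that already appear among the prior keys."""
    def lines(text):
        return [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    prior = {fingerprint(l) for l in lines(prior_keys)}
    return [fp for fp in map(fingerprint, lines(submitted_keys)) if fp in prior]


if __name__ == "__main__":
    old = make_sample_pubkey(b"old", "me@laptop")
    relabelled = old.rsplit(" ", 1)[0] + " totally-new-key"
    submission = make_sample_pubkey(b"new", "me@laptop-2011") + "\n" + relabelled
    print(reused_fingerprints(old, submission))  # the old key is caught despite the new comment
```

Because the fingerprint is computed over the decoded key blob only, changing the comment or re-pasting an old key alongside a new one does not get it past the check.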

