On Wed, Dec 30, 2020 at 12:00:47AM +0100, Dominik 'Rathann' Mierzejewski wrote: > On Monday, 28 December 2020 at 03:38, Kevin Fenzi wrote: > > On Sun, Dec 27, 2020 at 06:43:23PM -0700, Ken Dreyer wrote: > > > On Thu, Dec 24, 2020 at 12:33 AM Dridi Boukelmoune > > > <dridi.boukelmoune@xxxxxxxxx> wrote: > > > > > > > > > The weakest point in the current system is really the FAS password. If > > > > > you have a packager's FAS password you can change the ssh key > > > > > associated with the account to another that you control, and the FAS > > > > > password is also all you need to run a build and submit it to Bodhi. > > > > > > > > Or you add an SSH key without removing the maintainer's keys on the > > > > off chance that it would go unnoticed... > > > > > > From what I can tell, the current implementation of FAS does not allow > > > more than one SSH key per user account. > > > > You can add more than one. Just put them in a file and upload all of > > them for 'ssh key' one key per line. There's a limit based on > > applications getting the ssh keys, but you can upload multiple keys > > fine. > > Is that documented somewhere? I was also under the impression that only > one key was permitted. If you click on the little [i] info thing next to ssh key when editing your account you can see: "Many resources require public key authentication to work. By uploading your public key to us, you can then log in to our servers. Type "man ssh-keygen" for more information on creating your key (it must be an RSA key). Once created you will want to upload ~/.ssh/id_rsa.pub. If you wish to login through several hosts, each with their own public key, you can create a concatenated file of public ssh keys and upload it in lieu of the individual ssh public key. "Warning: In case of having ECDSA key please upload the two types of keys because some of our servers may not accept ECDSA keys." " (The last thing there is wrong now... we have no rhel6 vm's left). kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
