|| ||seth vidal <skvidal-AT-fedoraproject.org> |
|| ||announce-AT-lists.fedoraproject.org |
|| ||Change in allowed-files policy on all fedora-maintained hosts |
|| ||Fri, 30 Sep 2011 00:17:16 -0400|
|| ||Article, Thread
In an ongoing effort to improve our security we have decided to disallow
any ssh private keys from being housed on any fedora-maintained system.
No user should have ever needed to upload an ssh private key, the public
keys are, of course just fine and required. However, on the off-chance
that someone has done this, we'll be performing audits of user homedirs
looking for ssh private keys.
If we find them we'll remove them and then remove the owning-user's ssh
public key from the Fedora Account System (FAS), forcing them to upload
a new one. We're taking this additional step to make sure that the
public key in FAS is not vulnerable due to their private key being
potentially exposed on a shared system.
You can refer to the allowable content section of the fedorapeople faq.
These rules (and more), apply to our administrative systems and home
Fedora Infrastructure Team
announce mailing list
to post comments)