lists.zerezo.com
***BOGO*** Re: people.debian.org to move to ravel
- Date: Mon, 1 Sep 2008 11:29:31 +0200
- From: Lionel Elie Mamane <lionel@xxxxxxxxx>
- Subject: ***BOGO*** Re: people.debian.org to move to ravel
On Thu, Aug 28, 2008 at 09:31:41PM +0200, Peter Palfrader wrote:
> On Thu, 28 Aug 2008, Steve Langasek wrote:
>>> Ravel (...) Also, ssh logins are restricted to key based logins,
>>> password based logins are not allowed.
>> What's the reason for this authentication policy, which differs
>> from (AFAIK) all developer-public debian.org hosts to date? Is
>> this a sign of a broader policy change coming down the line?
> It is. Limiting an attacker's ability to easily jump from one
> compromised box to another is something we really want to have. Not
> tomorrow, but eventually.
I'm not sure the no-passwords policy helps much by itself; I get the
impression people will just put a ssh key in their homes on Debian
machines and add it to the authorized keys in LDAP.
--
Lionel