On 11384 March 1977, Joerg Jaspert wrote:

> all access to DebConf machines has been disabled as of a few minutes
> ago. All passwords have been reset, all ssh keys deleted.
> Also, all apaches stopped until we replaced all the ssl certificates
> (today).

All of it is now recovered. The web servers have been running since yesterday evening already, and now you can also gain your login access back, if you want it.

*ALL* ssh keys from users had been deleted, so you have to send new keys in.[1] Note that DSA keys are forbidden, only RSA keys accepted. The system also checks for known bad keys and a key size of at least 1024 bit, and will reject such bad keys.

If you need a password, like for sudo access, you need to get a new one too. https://db.debconf.org does have instructions on what to do for that.

Note that all our SSL web servers do have new certificates. If you already added the new SPI certificate to your browser they should work out of the box, if not you might want to visit http://www.spi-inc.org/secretary and download the 2008 CA (soon in ca-certificates package in Debian).[2]

There are still a few details here and there we admins have to fix, but most stuff, especially user visible stuff, is done now.

A *big* thanks go to Mark and Stephen, who helped me a lot fixing this ssl "fun".

[1] cat knowngoodsshkey.pub | gpg --clearsign | mail change@db.debconf.org
[2] Could someone put it up on media.debconf.org too please? Thanks.

-- 
bye, Joerg
<liw> I'm a blabbermouth
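The key policy stated in the message above (RSA only, at least 1024 bits, known bad keys rejected) can be applied to a submitted OpenSSH public key line as sketched below. This is an added example, not the DebConf admins' code: the SHA-256 blocklist format and the names `check_pubkey`, `fingerprint` and `make_line` are assumptions, and the keys it builds are constructed test values, not usable keys.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 1024  # minimum key size stated in the announcement

def _read_string(blob, off):
    """Read one RFC 4253 length-prefixed field; return (bytes, new offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def fingerprint(line):
    """SHA-256 hex digest of the decoded key blob (assumed blocklist format)."""
    return hashlib.sha256(base64.b64decode(line.split()[1])).hexdigest()

def check_pubkey(line, blocklist=frozenset()):
    """Return (accepted, reason) for one OpenSSH public key line."""
    parts = line.split()
    if len(parts) < 2:
        return False, "malformed line"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        algo, off = _read_string(blob, 0)
        if algo.decode("ascii", "replace") != parts[0]:
            return False, "type label does not match key blob"
        if algo != b"ssh-rsa":
            return False, "only RSA keys accepted"
        _e, off = _read_string(blob, off)   # public exponent, not checked here
        n, off = _read_string(blob, off)    # modulus as an mpint
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"unparsable key: {exc}"
    if off != len(blob):
        return False, "trailing data in key blob"
    bits = int.from_bytes(n, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return False, f"RSA modulus is {bits} bits, need {MIN_RSA_BITS}"
    if fingerprint(line) in blocklist:
        return False, "key is on the known-bad list"
    return True, f"RSA {bits} bits"

def make_line(algo, *ints):
    """Build a CONSTRUCTED key line from integers (test data only)."""
    fields = [algo.encode()] + [i.to_bytes(i.bit_length() // 8 + 1, "big") for i in ints]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return f"{algo} {base64.b64encode(blob).decode()} constructed@example"
```

The modulus size is read from the key blob itself rather than from the type label or comment, so a line whose label claims `ssh-rsa` while carrying a different key type is rejected before the size check.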