Re: people.debian.org to move to ravel

To: debian-devel@lists.debian.org
Cc: Peter Palfrader <weasel@debian.org>
Subject: Re: people.debian.org to move to ravel
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Mon, 1 Sep 2008 11:29:31 +0200
Message-id: <[🔎] 20080901092931.GA17176@capsaicin.mamane.lu>
Mail-followup-to: Lionel Elie Mamane <lionel@mamane.lu>, debian-devel@lists.debian.org, Peter Palfrader <weasel@debian.org>
In-reply-to: <20080828193141.GK9633@anguilla.noreply.org>
References: <20080827120031.GA32039@intrepid.palfrader.org> <20080828071223.GC7061@dario.dodds.net> <20080828193141.GK9633@anguilla.noreply.org>

On Thu, Aug 28, 2008 at 09:31:41PM +0200, Peter Palfrader wrote:
> On Thu, 28 Aug 2008, Steve Langasek wrote:

>>> Ravel (...) Also, ssh logins are restricted to key based logins,
>>> password based logins are not allowed.

>> What's the reason for this authentication policy, which differs
>> from (AFAIK) all developer-public debian.org hosts to date?  Is
>> this a sign of a broader policy change coming down the line?

> It is.  Limiting an attacker's ability to easily jump from one
> compromised box to another is something we really want to have.  Not
> tomorrow, but eventually.

I'm not sure the no-passwords policy helps much by itself; I get the
impression people will just put a ssh key in their homes on Debian
machines and add it to the authorized keys in LDAP.

-- 
Lionel

Reply to:

Prev by Date: Re: [Fwd: Re: Debian Live Lenny Beta1]
Next by Date: Re: [Fwd: Re: Debian Live Lenny Beta1]
Previous by thread: Re: [Fwd: Re: Debian Live Lenny Beta1]
Next by thread: Re: people.debian.org to move to ravel
Index(es):
- Date
- Thread