
on .ssh/authorized_keys files

The use of ~user/.ssh/authorized_keys files has been disabled since
DSA1571 was announced.  While our initial plan was to allow them
again eventually, some bad experience with DDs' key handling has
led us to reconsider that intent.

So ~user/.ssh/authorized_keys will remain disabled.

If you want to log in to debian.org hosts using keys you should send them
to the LDAP as outlined at <URL:https://db.debian.org/doc-mail.html>,
which allows us to do at least some quality control.

Should you need keys only on specific hosts for automated tasks like
updating stuff or syncing files between project machines or similar
we can enable a user editable authorized_keys file for specific users
on specific hosts.  Usually we would expect those keys to be limited
to use only from certain hosts (using from="<xyz>") and limited to
allow execution of only certain commands (using command="<foobar>").
Contact DSA if you have such a case.

Your sysadmins
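
An added example, not part of the original message and not DSA's own tooling: a Python audit that parses the options field of authorized_keys entries and reports keys lacking the from= and command= restrictions described above. The sample entries, hosts and key blobs are constructed, option values are assumed to be double-quoted, and treating from="*" as unrestricted is an assumption of this example.

```python
import re

# A line starting with a key type has no options; OPTION matches name or name="value".
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')

def split_options(line):
    """Return (options, rest_of_line) for one authorized_keys entry."""
    line = line.strip()
    opts, pos = {}, 0
    if KEY_TYPE.match(line):
        return opts, line
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field")
        name, value, sep = m.groups()
        opts[name.lower()] = True if value is None else value.replace('\\"', '"')
        pos = m.end()
        if sep != ",":               # whitespace ends the options field
            return opts, line[pos:]

def audit(text):
    """Return [(line_no, [missing restrictions])] for under-restricted keys."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ = split_options(line)
        src, cmd = opts.get("from"), opts.get("command")
        missing = []
        if not isinstance(src, str) or src.strip() in ("", "*"):
            missing.append("from")   # absent, empty, or matches every host
        if not isinstance(cmd, str) or not cmd.strip():
            missing.append("command")
        if missing:
            findings.append((n, missing))
    return findings

# Constructed sample: placeholder key blobs, documentation-range address.
SAMPLE = """\
# automated sync keys (constructed)
from="192.0.2.10",command="rsync --server --sender . /srv/mirror/" ssh-ed25519 AAAAEXAMPLEKEY1 sync@hosta
ssh-rsa AAAAEXAMPLEKEY2 user@laptop
command="/usr/local/bin/update-stuff",no-pty ssh-ed25519 AAAAEXAMPLEKEY3 cron@hostb
from="*",command="/bin/true" ssh-ed25519 AAAAEXAMPLEKEY4 any@where
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```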
