Re: Debian Server restored after Compromise

To: debian-project@lists.debian.org
Subject: Re: Debian Server restored after Compromise
From: Steve Kemp <skx@debian.org>
Date: Thu, 13 Jul 2006 21:20:08 +0100
Message-id: <[🔎] 20060713202007.GA31834@steve.org.uk>
In-reply-to: <[🔎] 20060713181827.GA4595@localhost.localdomain>
References: <20060713175452.GS1655@finlandia.home.infodrom.org> <[🔎] 20060713181827.GA4595@localhost.localdomain>

On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:

> > An investigation of developer passwords revealed a number of weak
> > passwords whose accounts have been locked in response.
> 
> That's not good.  
> Should we maybe implement a stricter password policy?  Or maybe only
> allow pubkey ssh authentication?

  Definitely a good idea.

  We already trust users to maintain their GPG key securely, so
 adding the requirement they do the same with an SSH keypair isn't
 anything more difficult.

Steve
--

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Debian Server restored after Compromise
  - From: Aurelien Jarno <aurelien@aurel32.net>

References:
- Re: Debian Server restored after Compromise
  - From: Bas Zoetekouw <bas@debian.org>

Prev by Date: Re: Update on compromise of gluck.debian.org, lock down of other debian.org machines
Next by Date: Re: Update on compromise of gluck.debian.org, lock down of other debian.org machines
Previous by thread: Re: Debian Server restored after Compromise
Next by thread: Re: Debian Server restored after Compromise
Index(es):
- Date
- Thread