Re: Debian Server restored after Compromise
Steve Kemp wrote:
> On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
>
> > > An investigation of developer passwords revealed a number of weak
> > > passwords whose accounts have been locked in response.
> >
> > That's not good.
> > Should we maybe implement a stricter password policy? Or maybe only
> > allow pubkey ssh authentication?
>
> Definitely a good idea.
>
> We already trust users to maintain their GPG key securely, so
> adding the requirement they do the same with an SSH keypair isn't
> anything more difficult.

Like having both public and private SSH keys on gluck.d.o?
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' firstname.lastname@example.org | email@example.com
`- people.debian.org/~aurel32 | www.aurel32.net
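
Added example, not part of the original message or of any Debian tooling: the closing remark is about private SSH keys stored on a shared host, and an administrator can audit for that by scanning each account's `.ssh` directory and checking whether any private key found there is passphrase-protected. The function names and the sample home tree are hypothetical, the key bodies are constructed placeholders, and the check covers the current OpenSSH key format as well as the legacy PEM format.

```python
import base64, os, pathlib, tempfile
MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def classify_key(text):
    """Return 'encrypted', 'unencrypted', or None if text is not a private key."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Magic, then a length-prefixed cipher name; "none" means no passphrase.
        try:
            blob = base64.b64decode("".join(l for l in lines[1:] if not l.startswith("-----")))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        n = int.from_bytes(blob[len(MAGIC):len(MAGIC) + 4], "big")
        return "unencrypted" if blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] == b"none" else "encrypted"
    # PKCS#8 says ENCRYPTED in the BEGIN line; legacy PEM uses a Proc-Type header.
    return "encrypted" if "ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines[1:3] else "unencrypted"

def audit_homes(root):
    """Return (user, filename, status) for each private key in <root>/<user>/.ssh/."""
    findings = []
    for user in sorted(os.listdir(root)):
        ssh_dir = os.path.join(root, user, ".ssh")
        for name in sorted(os.listdir(ssh_dir)) if os.path.isdir(ssh_dir) else []:
            try:
                with open(os.path.join(ssh_dir, name), errors="replace") as fh:
                    status = classify_key(fh.read(65536))
            except OSError:  # unreadable entry or subdirectory
                continue
            if status:
                findings.append((user, name, status))
    return findings

def demo():
    """Audit a constructed home tree; key bodies are placeholders, not real keys."""
    new_fmt = base64.b64encode(MAGIC + (4).to_bytes(4, "big") + b"none" + b"\0" * 8).decode()
    files = {
        ("alice", "id_rsa"): "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n",
        ("bob", "id_dsa"): "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nQUJD\n-----END DSA PRIVATE KEY-----\n",
        ("carol", "id_ed25519"): f"-----BEGIN OPENSSH PRIVATE KEY-----\n{new_fmt}\n-----END OPENSSH PRIVATE KEY-----\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for (user, name), body in files.items():
            p = pathlib.Path(root, user, ".ssh"); p.mkdir(parents=True, exist_ok=True)
            (p / name).write_text(body)
        return audit_homes(root)
```

Calling `demo()` returns the findings for the constructed tree; on a real host `audit_homes("/home")` needs read access to every account's `.ssh` directory.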