
Re: Debian Server restored after Compromise

Steve Kemp wrote:
> On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
>
> > > An investigation of developer passwords revealed a number of weak
> > > passwords whose accounts have been locked in response.
> >
> > That's not good. Should we maybe implement a stricter password
> > policy? Or maybe only allow pubkey ssh authentication?
>
>   Definitely a good idea.
>
>   We already trust users to maintain their GPG key securely, so
>  adding the requirement they do the same with an SSH keypair isn't
>  anything more difficult.

Like having both public and private SSH keys on gluck.d.o?

  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
