Re: Debian Server restored after Compromise

To: debian-project@lists.debian.org
Subject: Re: Debian Server restored after Compromise
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Thu, 13 Jul 2006 22:39:39 +0200
Message-id: <[🔎] 44B6AF8B.5020407@aurel32.net>
In-reply-to: <[🔎] 20060713202007.GA31834@steve.org.uk>
References: <20060713175452.GS1655@finlandia.home.infodrom.org> <[🔎] 20060713181827.GA4595@localhost.localdomain> <[🔎] 20060713202007.GA31834@steve.org.uk>

Steve Kemp wrote:

On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:

An investigation of developer passwords revealed a number of weak
passwords whose accounts have been locked in response.
That's not good.Should we maybe implement a stricter password policy? Or maybe only
allow pubkey ssh authentication?


  Definitely a good idea.

  We already trust users to maintain their GPG key securely, so
 adding the requirement they do the same with an SSH keypair isn't
 anything more difficult.


Like having both public and private SSH keys on gluck.d.o?

--
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

Reply to:

Follow-Ups:
- Re: Debian Server restored after Compromise
  - From: Thomas Viehmann <tv@beamnet.de>

References:
- Re: Debian Server restored after Compromise
  - From: Bas Zoetekouw <bas@debian.org>
- Re: Debian Server restored after Compromise
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: Fundamental flaw in bug reporting system
Next by Date: Re: Debian Server restored after Compromise
Previous by thread: Re: Debian Server restored after Compromise
Next by thread: Re: Debian Server restored after Compromise
Index(es):
- Date
- Thread