Re: Debian Server restored after Compromise
Aurelien Jarno wrote:
> Like having both public and private SSH keys on gluck.d.o?

Quite frankly, I'm more surprised and concerned about people keeping their Debian GPG secret key on gluck. This poses serious questions about trusting the developer's technical aptitude and sense of responsibility.

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.net/

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian Server restored after Compromise
Hi martin!

* martin f krafft [EMAIL PROTECTED] [2006-07-14 09:05]:
> As stated in the post, at least all those developers had their accounts locked.

But they can get their account unlocked. Maybe adding no-gpg-secret-keys to DMUP might help.

yours
Martin
--
[EMAIL PROTECTED]
Debian GNU/Linux - The Universal Operating System
NForcer: Nah, she doesn't like horror films.. tearjerkers fall under that too :))
Re: Debian Server restored after Compromise
On Fri, 14 Jul 2006, martin f krafft wrote:
> As stated in the post, at least all those developers had their accounts locked.

But shouldn't this be done by a daily cron job that searches for secret keys on gluck and any other public Debian host each night? If the cron job would not really lock the account immediately, it should at least send a warning mail to the admins.

Kind regards

Andreas.
--
http://fam-tille.de
Re: Debian Server restored after Compromise
On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
>> An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response.
>
> That's not good. Should we maybe implement a stricter password policy? Or maybe only allow pubkey ssh authentication?

I would go for periodically cracking passwords; those found with a weak password will have their account locked.

Note also that having pubkey ssh keys without a keyphrase is quite pointless and (IMO) way more dangerous than a weak login password.

filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401

random quote follows:
A child of five would understand this. Send someone to fetch a child of five.
-- Groucho Marx
Re: Debian Server restored after Compromise
Andreas Tille [EMAIL PROTECTED] writes:
> On Fri, 14 Jul 2006, martin f krafft wrote:
>> As stated in the post, at least all those developers had their accounts locked.
>
> But shouldn't this be done by a daily cron job that searches for secret keys on gluck and any other public Debian host each night? If the cron job would not really lock the account immediately, it should at least send a warning mail to the admins.

If someone does this, please also check that said secret key is actually in the Debian keyring. I may want to generate secret keys for testing purposes on a Debian host, particularly a porter host, and there's no security issue with that.

--
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
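Added example, not part of the thread and not Debian's own admin tooling: a nightly audit script in the spirit of the cron job Andreas Tille proposes above, with the check Russ Allbery asks for, so that only secret keys whose primary fingerprint is also in the Debian keyring get reported and throwaway test keys on a porter host do not. The keyring path, the home-directory root, the mail recipient and the "run" argument are assumptions; the colon-format sample inside the script is constructed and contains no real key data.

```shell
#!/bin/sh
# audit-secret-keys.sh: nightly check for Debian GPG secret keys under /home.
# Added example; paths, recipient and the "run" argument are assumptions.
set -eu

DEBIAN_KEYRING=${DEBIAN_KEYRING:-/usr/share/keyrings/debian-keyring.gpg}
HOME_ROOT=${HOME_ROOT:-/home}
ADMIN_MAIL=${ADMIN_MAIL:-root}

# Read "gpg --with-colons --fingerprint" output on stdin and print the primary
# fingerprint of each key. The first "fpr" record after a "pub"/"sec" record
# is the primary key; later "fpr" records belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { want = 1; next }
        $1 == "fpr" && want        { print $10; want = 0 }
    '
}

# Fingerprints of every key in the Debian keyring, one per line.
debian_fprs() {
    gpg --no-default-keyring --keyring "$DEBIAN_KEYRING" \
        --list-keys --with-colons --fingerprint 2>/dev/null | primary_fprs
}

# Print "<user> <fingerprint>" for every secret key under $HOME_ROOT. Both the
# gpg 1.x secring.gpg and the gpg 2.1+ private-keys-v1.d layouts are detected;
# --homedir makes the listing work with either version.
found_secret_keys() {
    for home in "$HOME_ROOT"/*; do
        [ -f "$home/.gnupg/secring.gpg" ] || [ -d "$home/.gnupg/private-keys-v1.d" ] || continue
        user=${home##*/}
        gpg --homedir "$home/.gnupg" --list-secret-keys --with-colons --fingerprint 2>/dev/null |
            primary_fprs | sed "s/^/$user /"
    done
}

# Keep the "<user> <fingerprint>" lines of $1 whose fingerprint appears in $2.
# FILENAME == ARGV[1] instead of the usual NR == FNR idiom: with an empty
# keyring list, NR == FNR stays true for the second file and would flag all.
flag_debian_keys() {
    awk 'FILENAME == ARGV[1] { debian[$1] = 1; next } ($2 in debian)' "$2" "$1"
}

# Constructed sample of colon output (not real keys): a key with one subkey,
# then a second key, used for a dry run of primary_fprs.
sample_colons() {
    cat <<'EOF'
sec:u:4096:1:0123456789ABCDEF:1152806400:::u:::scESC:::+:::23::0:
fpr:::::::::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111:
ssb:u:4096:1:FEDCBA9876543210:1152806400::::::s:::+:::23:
fpr:::::::::BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222:
sec:u:2048:1:1111111111111111:1152806400:::u:::scESC:::+:::23::0:
fpr:::::::::CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333:
EOF
}

main() {
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    debian_fprs > "$tmp/debian"
    found_secret_keys > "$tmp/found"
    report=$(flag_debian_keys "$tmp/found" "$tmp/debian")
    # Warn rather than lock, the softer option suggested above.
    if [ -n "$report" ]; then
        printf 'Debian secret keys found on %s:\n%s\n' "$(hostname)" "$report" |
            mail -s "secret key audit on $(hostname)" "$ADMIN_MAIL"
    fi
}

# Only scan for real when invoked as "audit-secret-keys.sh run" (e.g. from cron).
if [ "${1-}" = run ]; then main; fi
```

Dropped into /etc/cron.daily and invoked with the "run" argument, it mails the admins instead of locking accounts; a usermod -L loop over the report would be the stricter variant. Subkey fingerprints are deliberately ignored because the keyring match is on primary keys, and the awk join is written so that an empty or unreadable keyring yields no report rather than flagging every developer.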
Re: Debian Server restored after Compromise
Hi Martin!

You wrote:
> Debian Server restored after Compromise

Kudos to debian-admin for sorting out the situation so quickly!

> An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response.

That's not good. Should we maybe implement a stricter password policy? Or maybe only allow pubkey ssh authentication?

--
Kind regards,
Bas Zoetekouw
[EMAIL PROTECTED]

  Sweet day, so cool, so calm, so bright,
  The bridall of the earth and skie:
  The dew shall weep thy fall tonight;
  For thou must die.
Re: Debian Server restored after Compromise
On 7/13/06, Bas Zoetekouw [EMAIL PROTECTED] wrote:
> Hi Martin!
>
> You wrote:
>> Debian Server restored after Compromise
>
> Kudos to debian-admin for sorting out the situation so quickly!

Yes!

>> An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response.
>
> That's not good. Should we maybe implement a stricter password policy? Or maybe only allow pubkey ssh authentication?

I agree. pubkey ssh auth only, at least in servers with some core services. I think the servers to support porters can be more flexible; their downtime could hurt just one port and won't taint other services nor the archive - not that this happened with gluck.

Btw, was the exact compromised account identified and locked too?

regards,
--
stratus
Re: Debian Server restored after Compromise
On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
>> An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response.
>
> That's not good. Should we maybe implement a stricter password policy? Or maybe only allow pubkey ssh authentication?

Definitely a good idea. We already trust users to maintain their GPG key securely, so adding the requirement they do the same with an SSH keypair isn't anything more difficult.

Steve
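Added example, not from any poster and not Debian's configuration: a small audit that tells whether an sshd_config actually enforces the "pubkey only" policy the replies above favour. Two sshd behaviours make a naive grep insufficient: the first value of a keyword wins, not the last, and turning off PasswordAuthentication alone still leaves PAM password prompts reachable through keyboard-interactive authentication unless KbdInteractiveAuthentication (older name: ChallengeResponseAuthentication) is also set to no. The sample configs the script writes are constructed for illustration.

```shell
#!/bin/sh
# sshd-password-audit.sh: does this sshd_config really enforce key-only login?
# Added example; the sample configs written by write_sample_configs are
# constructed for illustration.
set -eu

# Effective global value of keyword $2 in config file $1; prints $3 (sshd's
# built-in default) when the keyword is not set. Keywords are case-insensitive
# and "keyword value" or "keyword=value" are both accepted. sshd uses the FIRST
# value it sees for a keyword, and anything after a Match line is conditional,
# so parsing stops there.
sshd_effective() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Exit 0 when sshd would still accept a password in some form. PAM prompts
# arrive through keyboard-interactive auth, which has its own switch:
# KbdInteractiveAuthentication, formerly ChallengeResponseAuthentication.
# Honour whichever spelling the file uses, defaulting to sshd's "yes".
password_login_possible() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    kbd=$(sshd_effective "$1" KbdInteractiveAuthentication \
          "$(sshd_effective "$1" ChallengeResponseAuthentication yes)")
    [ "$pw" = yes ] || [ "$kbd" = yes ]
}

# Constructed samples: "weak" turns passwords off but leaves PAM prompts on,
# "firstwins" appends a "no" that sshd ignores, "hardened" is key-only and
# its Match block does not change the global answer.
write_sample_configs() {
    cat > "$1/weak" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
EOF
    cat > "$1/firstwins" <<'EOF'
PasswordAuthentication yes
# the next line is ignored by sshd: the first value wins
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
    cat > "$1/hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Match Address 127.0.0.1
    PasswordAuthentication yes
EOF
}

# Usage: sshd-password-audit.sh /etc/ssh/sshd_config [...]
for cfg in "$@"; do
    if password_login_possible "$cfg"; then
        echo "FAIL $cfg: password or keyboard-interactive login still possible"
    else
        echo "PASS $cfg: public-key only"
    fi
done
```

The "hardened" sample is the shape of the change being discussed: PubkeyAuthentication yes, PasswordAuthentication no and KbdInteractiveAuthentication no as the first occurrences of those keywords, with any exceptions confined to Match blocks. Run the script against the live file after every edit; the "weak" sample shows the case where a grep for "PasswordAuthentication no" would have reported success while PAM still accepted the weak passwords the announcement mentions.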
Re: Debian Server restored after Compromise
Steve Kemp wrote:
> On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
>>> An investigation of developer passwords revealed a number of weak passwords whose accounts have been locked in response.
>>
>> That's not good. Should we maybe implement a stricter password policy? Or maybe only allow pubkey ssh authentication?
>
> Definitely a good idea. We already trust users to maintain their GPG key securely, so adding the requirement they do the same with an SSH keypair isn't anything more difficult.

Like having both public and private SSH keys on gluck.d.o?

--
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
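Added example, not code from the thread: a scanner for the two situations raised by Filippo Giunchedi (key pairs without a passphrase) and Aurelien Jarno above (private keys sitting in a home directory on gluck). It walks */.ssh/ under a root directory, reports every private key it finds, and classifies each as passphrase-protected or not by reading headers only: legacy PEM keys carry "Proc-Type: 4,ENCRYPTED" when encrypted, PKCS#8 keys use "BEGIN ENCRYPTED PRIVATE KEY", and the newer openssh-key-v1 format stores the cipher name right after its 15-byte magic, where "none" means no passphrase. That last format postdates this thread; the script covers it because it is what ssh-keygen produces today. The stub key files are constructed and contain no real key material.

```shell
#!/bin/sh
# ssh-key-audit.sh: list private keys under */.ssh/ and whether each has a
# passphrase. Added example; the stub key files are constructed, not real keys.
set -eu

# Hex of the 8 bytes that follow the 15-byte magic "openssh-key-v1\0" in an
# unencrypted openssh-key-v1 file: uint32 length 4, then the cipher name "none".
NONE_CIPHER=000000046e6f6e65

# Print "encrypted", "unencrypted" or "unknown" for key file $1, reading
# headers only (no key material is parsed).
ssh_key_state() {
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted                        # legacy PEM, passphrase set
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted                        # PKCS#8 with passphrase
    elif grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        # Strip the armour, decode, skip the magic and read the
        # length-prefixed cipher name as hex.
        hdr=$(sed '/^-----/d' "$1" | base64 -d 2>/dev/null |
              dd bs=1 skip=15 count=8 2>/dev/null | od -An -tx1 -v | tr -d ' \n')
        if [ "${#hdr}" -ne 16 ]; then
            echo unknown                      # truncated or not valid base64
        elif [ "$hdr" = "$NONE_CIPHER" ]; then
            echo unencrypted
        else
            echo encrypted
        fi
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted                      # legacy PEM without Proc-Type
    else
        echo unknown
    fi
}

# Walk */.ssh/ below $1 and print "<state> <path>" for every private key.
scan_ssh_keys() {
    find "$1" -path '*/.ssh/*' -type f 2>/dev/null | while read -r f; do
        grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null || continue
        printf '%s %s\n' "$(ssh_key_state "$f")" "$f"
    done
}

# Constructed stub files for a dry run: only the headers matter to the check,
# the bodies are placeholders rather than key material.
make_sample_keys() {
    ssh_dir="$1/.ssh"; mkdir -p "$ssh_dir"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$ssh_dir/legacy_enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$ssh_dir/legacy_plain"
    # openssh-key-v1 without passphrase: cipher "none", kdf "none"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none\000\000\000\000\000\000\000\001' | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$ssh_dir/new_plain"
    # openssh-key-v1 with passphrase: cipher "aes256-ctr", kdf "bcrypt"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$ssh_dir/new_enc"
    printf '%s\n' 'ssh-rsa AAAA user@host' > "$ssh_dir/id_rsa.pub"
}

# Usage: ssh-key-audit.sh /home [/srv/home ...]
for root in "$@"; do scan_ssh_keys "$root"; done
```

On a shared host the interesting lines are the "unencrypted" ones: a private key that needs no passphrase is usable by anyone who reads the file, which is the point made above about such keys being worse than a weak password. An "encrypted" result is still a private key on a machine it need not be on, so the full list, not just the unencrypted subset, is what a warning mail to the owner should contain.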
Re: Debian Server restored after Compromise
On Thu, 13 Jul 2006, Bas Zoetekouw wrote:
> Or maybe only allow pubkey ssh authentication?

I'd vote for it, and I have used it exclusively since the last break-in. The only drawback is that the mail interface to db.d.o is somewhat broken, but if more people use it the pressure to fix it might increase.

Kind regards

Andreas.
--
http://fam-tille.de
Re: Debian Server restored after Compromise
On Thu, Jul 13, 2006 at 10:49:04PM +0200, Andreas Tille wrote:
> On Thu, 13 Jul 2006, Bas Zoetekouw wrote:
>> Or maybe only allow pubkey ssh authentication?
>
> I'd vote for it, and I have used it exclusively since the last break-in. The only drawback is that the mail interface to db.d.o is somewhat broken, but if more people use it the pressure to fix it might increase.

When I wanted to mail my ssh key, I had to first log in on master (with my password) to be able to send the mail from there. The script doesn't handle MIME, and my ssh key is longer than 1024 chars, so you can't really send it over SMTP as one line. I think exim allows it or something, making it work if you send it from master.

But I guess you're talking about setting other things you can do through the website, for which the password is required too.

Kurt