Re: ssh_host_keys
On Wed December 10 2008, Mike McGrath wrote: On Wed, 10 Dec 2008, Mike McGrath wrote: I've not actually used global ssh_known_hosts before, I wouldn't be surprised if it causes issues in some of our scripts that might have a conflicting ~/.ssh/known_hosts. Lets keep our eyes open. If there is a conflict, then the public key of the host the script connects to will probably not match. Therefore there is a problem anyways. http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts I suggest to use echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub) on the regarding machine instead of ssh-keyscan -t rsa app1,10.8.34.59 on a remote machine. Otherwise there may be still a small window of opportunity for a mitm attack. Regards, Till signature.asc Description: This is a digitally signed message part. ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
OpenVPN
Hello all. I had introduced myself a few weeks ago and mentioned that I have some OpenVPN experience. Today I was reading over some of the SOPs and noticed this TODO on the OpenVPN SOP: Deploy an additional VPN server outside of PHX. OpenVPN does support failover automatically so if configured properly, when the primary VPN server goes down all hosts should connect to the next host in the list I would like to offer to work on this. I would need a mentor to help me get acclimated to the environment but I am confident that I could get it up and running effectively and I have some spare time that I would love to put towards this. Regards. -- TJ Davis The sun can still shine behind a closed mind. -All Together Separate ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: ssh_host_keys
On Wed, Dec 10, 2008 at 11:04:25PM +0100, Till Maas wrote: On Wed December 10 2008, Mike McGrath wrote: http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts I suggest to use echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub) You may also want to include the FQDN and any other aliases for each machine. Otherwise if you try to ssh to a host using an FQDN or alias/CNAME, ssh will add a new entry to ~/.ssh/known_hosts with the new name, even if an entry for that IP address already exists in the global /etc/ssh/ssh_known_hosts. ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: OpenVPN
On Wed, 10 Dec 2008, TJ Davis wrote: Hello all. I had introduced myself a few weeks ago and mentioned that I have some OpenVPN experience. Today I was reading over some of the SOPs and noticed this TODO on the OpenVPN SOP: Deploy an additional VPN server outside of PHX. OpenVPN does support failover automatically so if configured properly, when the primary VPN server goes down all hosts should connect to the next host in the list I would like to offer to work on this. I would need a mentor to help me get acclimated to the environment but I am confident that I could get it up and running effectively and I have some spare time that I would love to put towards this. Regards. -- TJ Davis Sounds good TJ, Ricky was working on this a bit but he's also pretty busy. Stop by #fedora-admin sometime tomorrow and ping me, we'll put a plan together. -Mike___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
fedorahosted mtn
elfutils is switching to git, and AFAIK no other fedorahosted projects use mtn. I don't intend to work on the hosting support for mtn any more. (I've stopped maintaining any mtn-related Fedora/EPEL packages too.) Thomas Moschny maintains the mtn-related Fedora packages. He's also the author of the trac plugin. Thomas is the only person I can think of who might be interested in maintaining mtn hosting support for fedorahosted. Unless Thomas wants to take it over, I suggest we drop the mtn support (such as it is). Please note that I would like the existing mtn.fedorahosted.org alias and the run-mtn ssh support to stay around for a while, until all the elfutils developers have finalized the migration. So don't hurry to chop it all off. Thanks, Roland ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
مــــــــوقــــــــع الــــتـــــــو بــــــــة للبيع
موقع التـــوبة للبيعhttp://www.ksa001.com/vbيزدادنا شرف قدومك لنا _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
changed owner of git repos
Just FYI, I changed the owners of the git repos on hosted1 to be the first administrator found in their FAS group, since there was a ticket complaining that everything was owned by 'root'. Now you can see real owners at http://git.fedorahosted.org for the most part. If you disagree with the assignment of who the owner is, please either change the directory owner directly on hosted1 if you have access, or let me or someone else in sysadmin-hosted know and we'll take care of it. Thanks! -Jon ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list