On Mon, Jun 02, 2008 at 09:02:50AM +0100, Philip Hands wrote:
> On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote:
> > On 11403 March 1977, Steve Langasek wrote:
> > > So tagging a key as belonging to a particular host is insufficient - we
> > > need
> > > the full authorized_keys sem
On Wed, 11 Jun 2008, Tollef Fog Heen wrote:
> * Philip Hands
>
> | While this is initially for our (DSA's) benefit, in that it makes applying
> | global changes easier, it's also for user's benefit. -- compare the
> | effort required to ensure that there are no copies of a key (that was
> | on
* Philip Hands
| While this is initially for our (DSA's) benefit, in that it makes applying
| global changes easier, it's also for user's benefit. -- compare the
| effort required to ensure that there are no copies of a key (that was
| on a stolen laptop, say), on every debian host you _might_ h
On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote:
> On 11403 March 1977, Steve Langasek wrote:
>
> > So tagging a key as belonging to a particular host is insufficient - we need
> > the full authorized_keys semantics for setting key options (from=, command=,
> > no-port-forwarding, no
On 11403 March 1977, Steve Langasek wrote:
> So tagging a key as belonging to a particular host is insufficient - we need
> the full authorized_keys semantics for setting key options (from=, command=,
> no-port-forwarding, no-X11-forwarding, at least).
And? You have that already, just add that in
On Sun, Jun 01, 2008 at 09:47:30AM -0700, Steve Langasek wrote:
> Ideally, I would hope that at some future date the openssh packages gain
> support for disabling DSS user keys via the config and the debian.org
> machines could use that, bringing the behavior back closer into line with
> the stock
On Sun, Jun 01, 2008 at 11:10:42AM +0100, Philip Hands wrote:
> While this is initially for our (DSA's) benefit, in that it makes applying
> global changes easier, it's also for user's benefit.
Er, "we're taking away your options for your own good"? :)
> -- compare the effort required to ensure t
On Sun, Jun 01, 2008 at 09:15:19AM +0200, Peter Palfrader wrote:
> On Sat, 31 May 2008, Steve Langasek wrote:
> > > People submitting known bad keys to ldap and stuffing those in their
> > > authorized_keys files also. What else did you think it meant?
> > I have no idea, because I don't underst
On Sun, 01 Jun 2008, Philip Hands wrote:
> If there's some reason that you want specific keys to only give access
> to specific hosts, and if the reason justifies the effort, I suppose it
> would be possible to come up with a way of tagging which hosts any
> particular key should give access to in
On Sun, Jun 01, 2008 at 09:15:19AM +0200, Peter Palfrader wrote:
> On Sat, 31 May 2008, Steve Langasek wrote:
>
> > > People submitting known bad keys to ldap and stuffing those in their
> > > authorized_keys files also. What else did you think it meant?
> >
> > I have no idea, because I don't u
On Sun, 01 Jun 2008, Mohammed Adnène Trojette wrote:
> On Sun, Jun 01, 2008, Peter Palfrader wrote:
> > (hint: how would you place that file there in the first place?)
>
> Ask for a password change. Send your key with ssh-copy-id. Don't change
> your password and lose it. And then try to login wit
On Sun, Jun 01, 2008, Peter Palfrader wrote:
> (hint: how would you place that file there in the first place?)
Ask for a password change. Send your key with ssh-copy-id. Don't change
your password and lose it. And then try to login with your SSH key.
OK, one has to be a bit thick to do that.
--
On Sat, 31 May 2008, Steve Langasek wrote:
> I.e., it's "for developers", which is not the same thing as "about
> development".
Funnily it got posted in a mail that is named "Misc _development_ news".
:-)
> It's a policy change which should be communicated to the developer body.
[...]
> Does this
On Sun, 01 Jun 2008, Mohammed Adnène Trojette wrote:
> On Sun, Jun 01, 2008, Peter Palfrader wrote:
> > know it. I suppose etc/motd will eventually be updated to point to it
> > also.
>
> What's the use if you can't manage to login?
Is this just to show that you have no idea what this is about,
On Sat, 31 May 2008, Steve Langasek wrote:
> > People submitting known bad keys to ldap and stuffing those in their
> > authorized_keys files also. What else did you think it meant?
>
> I have no idea, because I don't understand why the above would warrant a
> policy change wrt authorized_keys.
On Sun, Jun 01, 2008 at 12:50:24AM +0200, Peter Palfrader wrote:
> > - d-d-a is the list that all developers are supposed to be subscribed to,
> > which means that's the list where announcements of general interest
> > *should* go.
> It's not development related tho.
Description of that list
On Sun, Jun 01, 2008, Peter Palfrader wrote:
> It's not development related tho. And most people really don't need to
It is developers related.
And http://lists.debian.org/devel.html reads:
debian-devel-announce: Announcements for developers
> know it. I suppose etc/motd will eventually be up
[EMAIL PROTECTED] dropped]
On Sat, 31 May 2008, Steve Langasek wrote:
> I think this is a great example of why announcements like this should be
> sent to debian-devel-announce in the first place, instead of being relegated
> to the debian-infrastructure-announce list that most developers aren't
> Mail-Followup-To: [EMAIL PROTECTED]
(Heh, eew)
On Fri, May 30, 2008 at 08:52:02PM +0200, Raphael Hertzog wrote:
> The news are collected on http://wiki.debian.org/DeveloperNews
> Feel free to contribute.
> ~/.ssh/authorized_keys will remain disabled by default
> --
19 matches
Mail list logo
