reset ssh keys, even if only a public key in fedora?
Toshio Kuratomi
a.badger at gmail.com
Tue Aug 19 16:36:27 UTC 2008
Felix Schwarz wrote:
> Patrice Dumas schrieb:
>> I just received the reset password mail, and it asks me to reset my
>> ssh key by doing ssh-keygen. However, if I recall well I only uploaded
>> my public key to the fedora server. Why would I want to reset my key
>> pair?
>
> #fedora-admin:
> (17:40:55) mmcgrath: mpdehaan: well, couple of reasons.
> (17:41:16) mmcgrath: mpdehaan: 1) we removed all the keys as an
> affective way of disabling access everywhere while we're working
> (17:41:42) mmcgrath: and 2) we decided it wasn't a bad idea to have
> people fix it on their own, it helps with stuff like pruning, etc.
>
I'm going to add a tiny bit to this:
3) The Account System code will prevent you from uploading a DSA key.
So if your key was DSA, you'll have to generate an RSA key and upload
that. This is due to the fact that we haven't found a 100% accurate way
to find all DSA keys generated by the eak-Debian-random-number-packages.
4) If you uploaded your ssh private key to a Fedora Infrastructure
server, for instance, because you were sshing between publictest
machines, you should replace your key as a precaution just as we are
asking you to replace your passwords.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080819/8a51aae7/attachment.sig>
More information about the fedora-devel-list
mailing list