Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Kumba]

Kurt Lieber wrote:

> No -- this would *only* affect ssh connections.  Mail would still continue
> to operate as it does now.
> 
> --kurt

I kinda got this figured out for cvs by dumping ssh keys from one of my 
machines onto dev, but How will we copy our keys to get distributed to 
dev now?  And what about those of us that run ssh connections off a 
windows desktop (i.e. PuTTY), how can this be setup properly?


--Kumba

-- 
"Such is oft the course of deeds that move the wheels of the world: 
small hands do them because they must, while the eyes of the great are 
elsewhere."  --Elrond


--
gentoo-dev@gentoo.org mailing list

[gentoo-dev] disabling password authentication on dev.gentoo.org

[Kurt Lieber]

[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

Some folks in the meeting today suggesting disabling password auth on
dev.gentoo.org and requiring ssh key authentication for all *.gentoo.org
servers. Everyone present at the time supported the idea, so I'm posting it
here for comment.  Unless there is quite a bit of opposition from a
majority of the development team, this feature will go into effect no later
than the end of the week (Dec. 05) and possibly as soon as Wednesday (Dec.
03)

--kurt

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Jon Portnoy]

On Mon, Dec 01, 2003 at 02:23:14PM -0500, Kurt Lieber wrote:
> Some folks in the meeting today suggesting disabling password auth on
> dev.gentoo.org and requiring ssh key authentication for all *.gentoo.org
> servers. Everyone present at the time supported the idea, so I'm posting it
> here for comment.  Unless there is quite a bit of opposition from a
> majority of the development team, this feature will go into effect no later
> than the end of the week (Dec. 05) and possibly as soon as Wednesday (Dec.
> 03)
> 
> --kurt

I take it this won't change anything mail-wise?

-- 
Jon Portnoy
avenj/irc.freenode.net

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Kurt Lieber]

[-- Attachment #1: Type: text/plain, Size: 237 bytes --]

On Mon, Dec 01, 2003 at 02:28:02PM -0500 or thereabouts, Jon Portnoy wrote:
> I take it this won't change anything mail-wise?

No -- this would *only* affect ssh connections.  Mail would still continue
to operate as it does now.

--kurt

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Mike Frysinger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 30 November 2003 21:09, Kumba wrote:
> And what about those of us that run ssh connections off a
> windows desktop (i.e. PuTTY), how can this be setup properly?

putty supports ssh keys
- -mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQIVAwUBP8v1bUFjO5/oN/WBAQI/iQ/+O0KR/21rr+p9YAEH8E6wIrMeirmeBexU
8HGupsgliG6hdTy9IS2DhCNSuJhVod3KCHeR+BlWFKHH3/MtZTcV+ilQOPvwDEqa
0L9S0ahite3f4d8LEFrDm/by/EQ7IoqlKGkVhUvKl5JJbig7rwId/pQGk8OOyho3
RwJpsjgZEjg7yLy/OAHNP/I6YjgYfil7mxvuDnOZZjk1Ct29dU71+sMw+wb8uQ4+
4bMjwTA8FSrOz73ujuawV1KdMaj9swXdSwTI9O6uobsPQA65lW1/M0epMtjhS6lb
mXErwxLlxMaF9h918nbz/IAzbekZrGkfUe4IXA9S0IP96AJIt7Aka36qEM3/VM29
YA3fb3WiB0YT+KE5AUiuV95fJOeeRgjQaTbumLL7oTVN0J/A7DLhYl9EXuijOPX8
PYJ8Ct8efr4e5Xz8JmIToi1nv6Mwq0ugOq0C/R1GQpfmUNbOrfzT863KT7LwIu7Z
Nry7Zo6G4OJaTr0g7Qu88Fzn1HO1VWEB6ELy5f56wO0RjuukY3tkr+WxoJCo8LBf
qnJN789X+0rHt3g7lS1JReepAIusK+9RCZK97j3+ek11dHG2CJZzqP0GOLqp2exJ
Ri9KTLHjD0poYO90AN+Og1+ipQkUywa0Ugf+1BfkYT1ZNwoX9s01TfKQxEplon/K
eH3ywToP1ag=
=HWel
-----END PGP SIGNATURE-----



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Luke-Jr]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 01 December 2003 02:09 am, Kumba wrote:
> How will we copy our keys to get distributed to dev now?
I'd assume whoever sets up the account will do that for you. Any further 
changes can be done in 3 steps (add new key, test, remove old).
- -- 
Luke-Jr
Developer, Gentoo Linux
http://www.gentoo.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/y/ebZl/BHdU+lYMRAkXsAJ9meNX11CethyDri+zmjAjWQt+r3ACgitpO
T1pdwU0x3Zv7Qu3q7FvbMc8=
=ll43
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 1063 bytes --]

On Sun, Nov 30, 2003 at 09:09:18PM -0500, Kumba wrote:
> I kinda got this figured out for cvs by dumping ssh keys from one of
> my machines onto dev, but How will we copy our keys to get distributed
> to dev now?
Thats a very good question. In this case you'd have to go thru an admin
for it to work, which would firstly produce a bottleneck, and secondly
create more oppertunities for a possible security breach I think. The
initial send of the ssh key would have to be verified as coming from a
valid source (to stop some social engineering/taking advantage of
timing).

> And what about those of us that run ssh connections off a windows
> desktop (i.e. PuTTY), how can this be setup properly?
Look at Pageant for keeping access from windows. I had 3 keys loaded in
my Pageant for shelling everywhere from windows.

-- 
Robin Hugh Johnson
E-Mail     : robbat2@orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Luke-Jr]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 02:47 am, Robin H. Johnson wrote:
> On Sun, Nov 30, 2003 at 09:09:18PM -0500, Kumba wrote:
> > I kinda got this figured out for cvs by dumping ssh keys from one of
> > my machines onto dev, but How will we copy our keys to get distributed
> > to dev now?
> Thats a very good question. In this case you'd have to go thru an admin
> for it to work, which would firstly produce a bottleneck, and secondly
> create more oppertunities for a possible security breach I think. The
> initial send of the ssh key would have to be verified as coming from a
> valid source (to stop some social engineering/taking advantage of
> timing).
DCC the ssh key through IRC or GPG sign an email with it. Not too complicated. 
SSH keys are short enough one could simply paste them in a chat anyway...
- -- 
Luke-Jr
Developer, Gentoo Linux
http://www.gentoo.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/y/4yZl/BHdU+lYMRAu1VAJ9NjJV/Uk54Mu7Cy7NbDHdmjcp0GgCfX0nq
9Z7RMauhJzH1i+sW/a5Wpm8=
=FYEI
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Mike Frysinger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 01 December 2003 21:51, Luke-Jr wrote:
> > Thats a very good question. In this case you'd have to go thru an admin
> > for it to work, which would firstly produce a bottleneck, and secondly
> > create more oppertunities for a possible security breach I think. The
> > initial send of the ssh key would have to be verified as coming from a
> > valid source (to stop some social engineering/taking advantage of
> > timing).
>
> DCC the ssh key through IRC or GPG sign an email with it. Not too
> complicated. SSH keys are short enough one could simply paste them in a
> chat anyway... --

considering his initial points:
(1) admin is bottleneck
(2) verifying the key wasnt messed with in transit
your solution really doesnt address either ... in fact the irc thing is a 
*really bad* idea ...
after all, dcc/irc is as easy to manipulate as telnet (well even easier :D)
- -mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQIVAwUBP8wAVUFjO5/oN/WBAQKTWRAArF8FI7iuv8t404FtWNoYc3w5v2BjRjOG
Q4c3aeBR4Rb3ahqhEhjo4e1Tj/5g58cUl4yVMT13lNf2w1ivUorLuN3UQbEtXp0g
AkYWKpTVOoaW/i5MbCUavjZCSyuSoyltqrD+7Dy8VIRO+LdeNRjZY/kiiqERWNUu
SXor9IfwHPjOp8KjtSi2EW9Xfi0nJYVQqxy6PzDwIazUwcVfLHegboEu2+bTDg0f
T4og/i6fwZ3ADx/3QFP9wBqq6wOsAfzYFqv4s/m4lbOqRHIcMffEI718s5uhqhAM
P/Ve0PceYFCRd3w7vrlX7piKkqkcCG30RB0jo5+QFUukklimiqVq5wkXqvIIdcEo
+HvT7z3LViMOdfXjy6LHDt3fXDXhh1YLxsu1/hjm4L2BYp1r3Mks8ckHNXt+0Kgx
+1It7pidDkthevLvX8n+R1UOHX/kE9WmDfF71EMef2LiFN3/Zv9N22DFZbmu1faq
NLKNozcgnf6vCV+4IAmaSTbiVgv6Q51JGeUisBgY5X4s39ks6I8+t/jdXvNp8DH9
zk7LVdMQkYlMsxhG0tpevAJ4327OUY1NLZD9VYpvgVObSxwnuUMyT7MRPmJQShqs
9Fffowd23dZmXEL/D9ApsTyFAk9VPWKweG4YBLKUdvsZVeamNuws3tOgHBgPUAxu
rh8dA7P7a48=
=1S2A
-----END PGP SIGNATURE-----



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Luke-Jr]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 03:00 am, Mike Frysinger wrote:
> considering his initial points:
> (1) admin is bottleneck
There's a few hours delay from when key is uploaded to dev to when it's copied 
to cvs anyway... Besides, considering the admin need to create the account in 
the first place, this isn't really an issue. Existing devs can have keys 
uploaded before passwords are disabled.
> (2) verifying the key wasnt messed with in transit
> your solution really doesnt address either ... in fact the irc thing is a
> *really bad* idea ...
> after all, dcc/irc is as easy to manipulate as telnet (well even easier :D)
Bug freenode to support GPG authentication for registered nicknames? =p
- -- 
Luke-Jr
Developer, Gentoo Linux
http://www.gentoo.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zAcPZl/BHdU+lYMRAlhqAJ43z8FibiOGBnqWjuUiz+pcS5dcHwCgnAJc
pxpjdfYzSnZYtGIuGW0XHYs=
=rPhR
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Luke-Jr]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 05:15 am, Robin H. Johnson wrote:
> Pipe dream as that would be very non-standard AFAIK.
The IRC protocol doesn't support registered nicknames at all. NickServ itself 
is non-standard, so there's no standards to break.
>
> Lets go back to your suggestion of GPG-signed mail for a moment.
> That still doesn't provide much help. I can easily generate a GPG key
> with your name and email address on them, and unless you have an
> existing key that is on the web-of-trust, I can't prove that the key is
> actually yours.
In which case, one would need to establish that they are actually talking with 
the person who is to give the key and be sure that it is not someone else 
they are talking with.
I don't see how this is any less an issue with sending new devs passwords, 
anyway...
- -- 
Luke-Jr
Developer, Gentoo Linux
http://www.gentoo.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zB8UZl/BHdU+lYMRAn2BAJ91H6sxIZMxKyYkthqP++kR3oblDgCdHzzR
XcOXYX0ZwiseV4ugGCF5d0s=
=ua+8
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 1619 bytes --]

On Tue, Dec 02, 2003 at 03:29:16AM +0000, Luke-Jr wrote:
> > (1) admin is bottleneck
> There's a few hours delay from when key is uploaded to dev to when it's copied 
> to cvs anyway... Besides, considering the admin need to create the account in 
> the first place, this isn't really an issue. Existing devs can have keys 
> uploaded before passwords are disabled.
I do agree that the admin bottleneck isn't as much of a problem as it
could be, as the admin has to create the account in the first place, but
that and adding the key can be seperate actions. Eg, admin creates the
account, and asks user to send ssh key. 3rd party intercepts this
request, and answers themselves before the new developer does.

> > (2) verifying the key wasnt messed with in transit
> > your solution really doesnt address either ... in fact the irc thing is a
> > *really bad* idea ...
> > after all, dcc/irc is as easy to manipulate as telnet (well even easier :D)
> Bug freenode to support GPG authentication for registered nicknames? =p
Pipe dream as that would be very non-standard AFAIK.

Lets go back to your suggestion of GPG-signed mail for a moment.
That still doesn't provide much help. I can easily generate a GPG key
with your name and email address on them, and unless you have an
existing key that is on the web-of-trust, I can't prove that the key is
actually yours.

-- 
Robin Hugh Johnson
E-Mail     : robbat2@orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Paul de Vrieze]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 06:11, Luke-Jr wrote:
> In which case, one would need to establish that they are actually
> talking with the person who is to give the key and be sure that it is
> not someone else they are talking with.
> I don't see how this is any less an issue with sending new devs
> passwords, anyway...

In which way is this different from telling someone the temporary 
password over ssh. How can you know that you are talking to the actual 
prospective dev. If that prospective dev has allready used pgp to sign 
his messages to the list, one can be fairly sure that you are talking to 
the person that you intent to make a dev, else, yeah, well... that is a 
problem not specific to ssh keys and has more to do with social 
engineering. Is it possible to "infiltrate" an organization like gentoo? 
And is this risk a real risk.

Paul

- -- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zFwmbKx5DBjWFdsRAtcVAJ9hNzHDxDdqa2MWywdJi6XElRQ55ACeN7sq
CDICcIrBZFhbd43ciB0WWTM=
=m9V3
-----END PGP SIGNATURE-----


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Hallgrimur H. Gunnarsson]

On 02.12.2003 Alex Veber <coronalvr@gentoo.org> wrote:
> > Some folks in the meeting today suggesting disabling password auth on
> > dev.gentoo.org and requiring ssh key authentication for all *.gentoo.org
> > servers. Everyone present at the time supported the idea, so I'm posting it
> > here for comment.  Unless there is quite a bit of opposition from a
> > majority of the development team, this feature will go into effect no later
> > than the end of the week (Dec. 05) and possibly as soon as Wednesday (Dec.
> > 03)
> 
> I am not sure its a good Idea, I work on Gentoo from home and from school 
> uploading and downloading files all the time, the computers at school are 
> public and I can't put my key in there (If I forget to logout or something).

If you're going to trust a public school computer with your password in
the first place, you might just as well put your key there too. However,
should you trust a public school computer with your gentoo access at
all?

-- hhg

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Michael C. Ferguson]

On Tuesday 02 December 2003 10:14 am, Alex Veber wrote:

> I am not sure its a good Idea, I work on Gentoo from home and from school
> uploading and downloading files all the time, the computers at school are
> public and I can't put my key in there (If I forget to logout or
> something). --

You can always put your key on a USB keydrive or one of those nifty Rainbow 
iKeys (http://www.rainbow.com/products/ikey/).



-- mcf


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Ian Leitch]

[-- Attachment #1: Type: text/plain, Size: 380 bytes --]

On Tue, 2003-12-02 at 16:14, Alex Veber wrote:

> I am not sure its a good Idea, I work on Gentoo from home and from school 
> uploading and downloading files all the time, the computers at school are 
> public and I can't put my key in there (If I forget to logout or something).

You could ssh to home, then ssh to dev... if its not too much trouble. 

Regards,
Ian. 

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Mike Frysinger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 12:33, Alex Veber wrote:
> > If you're going to trust a public school computer with your password in
> > the first place, you might just as well put your key there too. However,
> > should you trust a public school computer with your gentoo access at
> > all?
> >
> > -- hhg
>
> Can you please explain whats wrong with using my password?

i've seen people install key loggers on public uni computers before ... they 
actual gather stuff before being caught ...
thats all he meant :)
- -mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQIVAwUBP8y6O0FjO5/oN/WBAQIZEg//e4HCOJmFNcnSNgxrbWQIzKSvBtP+ehtj
ZFdvKTU4KmtqAXM9prbvic8BJ57JbBwjZmgLG/oq+tQUQZxuZnSAptyRB2RN86zf
onnMacvsp3OOytV94/4licJxrXOt2KpJowfivdS14GrFhV64i7fjY2l1YjyZ9cib
aJM0muzZkXWgOb0KI2R2WkWbq5Dsy/EC6tjtue8oP1WDG7XeouMJtqjtYdjXwump
zxL4xRILa4jWPOT7aI5+wqFUn6t+gY0eoKE+BEsMYFXpII3QyyfJLF1d7dY5CCOb
YCTVLBvx29rh7qE3TgHIJXaHPXdOAvKDLnU5iENRzMpyMaWR5ku93aq/5eu+K6yp
GsxNp8UkjimehowIJvDxpB+WU/RePa2jEPSEVKjiYH+Ze11Pb+hQNYj8q+jkq3Xg
jNcRJepEFNaljJdriqG0jH5U+9s7IGqZhc2Q5be8kAwZzQzJN/lJd3xNDdnpAikB
A9ieqs8Ik1e92cWtuuaF9L2Y3dVruf1xfNH/vLiwWGrRV31h0Y2HJ1LGCa9Btw7r
VrNzxWu2/0hRuwq2rX1keOmRBZo6rU8XjS2zURXNdXfbKpg/0wbRHCo7Pmn453mT
Gvv9wASPLte4gOmj5lQeOJdb5EmrqcnQ1l4g0/tg4SBuJ67xo9+cdYGZhlO0hi/D
vYV7nmz8MSs=
=JgGP
-----END PGP SIGNATURE-----



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Alex Veber]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 01 December 2003 19:23, Kurt Lieber wrote:
> Some folks in the meeting today suggesting disabling password auth on
> dev.gentoo.org and requiring ssh key authentication for all *.gentoo.org
> servers. Everyone present at the time supported the idea, so I'm posting it
> here for comment.  Unless there is quite a bit of opposition from a
> majority of the development team, this feature will go into effect no later
> than the end of the week (Dec. 05) and possibly as soon as Wednesday (Dec.
> 03)
>
> --kurt

I am not sure its a good Idea, I work on Gentoo from home and from school 
uploading and downloading files all the time, the computers at school are 
public and I can't put my key in there (If I forget to logout or something).
- -- 
Alex Veber
Gentoo Linux Developer
Rosh Haa'in
Israel
Key fingerprint = 00BA 3837 906E CDA1 B83A  0535 D10E 5451 D8A7 253E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zLpk0Q5UUdinJT4RAoF/AJ9UKcueDcmz1jgB87bZYUP3XSpxqwCcDMbB
BfjMky30skbhswoN+QWIg8Q=
=0Pau
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Lisa Seelye]

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

On Tue, 2003-12-02 at 09:45, Ian Leitch wrote:
> On Tue, 2003-12-02 at 16:14, Alex Veber wrote:
> 
> > I am not sure its a good Idea, I work on Gentoo from home and from school 
> > uploading and downloading files all the time, the computers at school are 
> > public and I can't put my key in there (If I forget to logout or something).
> 
> You could ssh to home, then ssh to dev... if its not too much trouble. 

That's what I do.  And I've gotten so good at typing my "strong"
password I can do it even with people watching and they won't get it. ;)


-- 
Regards,
-Lisa
<Vix ulla tam iniqua pax, quin bello vel aequissimo sit potior>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Hallgrimur H. Gunnarsson]

AB> I am not sure its a good Idea, I work on Gentoo from home and from school
AB> uploading and downloading files all the time, the computers at school are
AB> public and I can't put my key in there (If I forget to logout or
AB> something).

HHG> If you're going to trust a public school computer with your password in
HHG> the first place, you might just as well put your key there too. However,
HHG> should you trust a public school computer with your gentoo access at
HHG> all?
 
AB> Can you please explain whats wrong with using my password?

I never said there was something wrong with using your password. 

You said that your reason for not using a key is that you don't want
to put the key on a public school computer. The fact that you don't
want to put it there suggests to me that you don't trust that particular
computer. Why would you trust a computer with your password but not
your key?

The only way your key will be compromised is if the computer itself
were to be compromised, and a compromised computer will give the attacker
your gentoo access, no matter what authentication mechanism you're using.

So my remark was, you put the same amount of trust in that computer
whether you're using a password or a key. Either you trust it or you
don't, and should you put your trust in a public school computer?

-- hhg

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Alex Veber]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 14:30, Hallgrimur H. Gunnarsson wrote:
> On 02.12.2003 Alex Veber <coronalvr@gentoo.org> wrote:
> > > Some folks in the meeting today suggesting disabling password auth on
> > > dev.gentoo.org and requiring ssh key authentication for all
> > > *.gentoo.org servers. Everyone present at the time supported the idea,
> > > so I'm posting it here for comment.  Unless there is quite a bit of
> > > opposition from a majority of the development team, this feature will
> > > go into effect no later than the end of the week (Dec. 05) and possibly
> > > as soon as Wednesday (Dec. 03)
> >
> > I am not sure its a good Idea, I work on Gentoo from home and from school
> > uploading and downloading files all the time, the computers at school are
> > public and I can't put my key in there (If I forget to logout or
> > something).
>
> If you're going to trust a public school computer with your password in
> the first place, you might just as well put your key there too. However,
> should you trust a public school computer with your gentoo access at
> all?
>
> -- hhg

Can you please explain whats wrong with using my password?
- -- 
Alex Veber
Gentoo Linux Developer
Rosh Haa'in
Israel
Key fingerprint = 00BA 3837 906E CDA1 B83A  0535 D10E 5451 D8A7 253E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/zMzR0Q5UUdinJT4RApSpAJ0ZtGqu0zdVm1AYt7G6J2ZFeVjZdwCbBNSE
GYjRFEhFlH4aahGLavFbu4I=
=fhiB
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Hallgrimur H. Gunnarsson]

On 02.12.2003 Lisa Seelye <lisa@gentoo.org> wrote:
> On Tue, 2003-12-02 at 09:45, Ian Leitch wrote:
> > On Tue, 2003-12-02 at 16:14, Alex Veber wrote:
> > 
> > > I am not sure its a good Idea, I work on Gentoo from home and from school 
> > > uploading and downloading files all the time, the computers at school are 
> > > public and I can't put my key in there (If I forget to logout or something).
> > 
> > You could ssh to home, then ssh to dev... if its not too much trouble. 
> 
> That's what I do.  And I've gotten so good at typing my "strong"
> password I can do it even with people watching and they won't get it. ;)

What about those who're watching you from inside the computer? Their
eyes are keen and their memory is long-lasting. Disabling password
authentication is a security measure, but it is no panacea. By forcing
developers to use keys you eliminate the problem of using passwords
in general, such as weak passwords or the use of the same password for
multiple places.

But some people complain, they say that a key is more inconvenient
than a password, for example, the key isn't as portable as a password,
you can't use it anywhere. My reply is, you shouldn't be using it
anywhere. You should never access a valuable resource from a computer
that you don't trust.

To force the use of keys exposes those who go around giving their
password to any computer they see. If you don't trust a computer well
enough to keep your key permanently on it, you shouldn't access gentoo
from that computer.

But it is true, sometimes security brings inconvenience. But I think
the idea of "ssh to home and then to gentoo" as a remedy for accessing
gentoo from an untrusted place is really bad. You've just given the
attacker your home computer in addition to gentoo.

-- hhg

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Matthew Kennedy]

Lisa Seelye <lisa@gentoo.org> writes:

> On Tue, 2003-12-02 at 09:45, Ian Leitch wrote:
>> On Tue, 2003-12-02 at 16:14, Alex Veber wrote:
>> 
>> > I am not sure its a good Idea, I work on Gentoo from home and from school 
>> > uploading and downloading files all the time, the computers at school are 
>> > public and I can't put my key in there (If I forget to logout or something).
>> 
>> You could ssh to home, then ssh to dev... if its not too much trouble. 
>
> That's what I do.  And I've gotten so good at typing my "strong"
> password I can do it even with people watching and they won't get it. ;)

[...]

I hope you people not only begin to use SSH key authentication, but
that you also use key authentication with a well chosen pass-phrase to
protect your private keys.

Matt

-- 
Matthew Kennedy
Gentoo Linux Developer

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[James Harlow]

On Tue, Dec 02, 2003 at 02:40:16PM -0600, Matthew Kennedy wrote:
> I hope you people not only begin to use SSH key authentication, but
> that you also use key authentication with a well chosen pass-phrase to
> protect your private keys.

A good site resource for the creation of secure passphrases is 
http://diceware.com/

-- 
When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Tavis Ormandy]

On Tue, Dec 02, 2003 at 05:46:58PM +0000, Hallgrimur H. Gunnarsson wrote:
> 
> But it is true, sometimes security brings inconvenience. But I think
> the idea of "ssh to home and then to gentoo" as a remedy for accessing
> gentoo from an untrusted place is really bad. You've just given the
> attacker your home computer in addition to gentoo.
> 

I mentioned S/key authentication the last time this was discussed, and
in this scenario it would be useful "ssh to home machine using s/key
where you ssh key is, use public key auth to gentoo..".

I think everyone should be using it :)

I started a short thread about it on the forums.

http://forums.gentoo.org/viewtopic.php?t=103232
-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Arthur Britto]

On Tue, 2003-12-02 at 09:33, Alex Veber wrote:
> Can you please explain whats wrong with using my password?

Never use your password on a machine you do not fully control:
  Someone may have installed a hardware or software keystroke logger.

Keystroke loggers are available externally and built into keyboards:
  http://www.keyghost.com/

>From an unsecure host, you can use a one time password to access your
secure machines:
  http://forums.gentoo.org/viewtopic.php?t=103232

However, the paranoid must consider:
 1) Anything communicated over the link may be recorded.

The truly paranoid must also consider:
 1) Once communication is established the accessing machine may insert
commands and filter results presented to you.
 2) You must ensure you really logout.  Just because it looks like you
logged out does not mean you were logged out.

-Arthur



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Chris Gianelloni]

[-- Attachment #1: Type: text/plain, Size: 719 bytes --]

On Sun, 2003-11-30 at 21:09, Kumba wrote:
> Kurt Lieber wrote:
> 
> > No -- this would *only* affect ssh connections.  Mail would still continue
> > to operate as it does now.
> > 
> > --kurt
> 
> I kinda got this figured out for cvs by dumping ssh keys from one of my 
> machines onto dev, but How will we copy our keys to get distributed to 
> dev now?  And what about those of us that run ssh connections off a 
> windows desktop (i.e. PuTTY), how can this be setup properly?

PuTTY can import OpenSSH keys.  You can also save out your public PuTTY
key and send that in and it would work exactly the same.
-- 
Chris Gianelloni
Developer, Gentoo Linux
Games Team

Is your power animal a pengiun?

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Ramon van Alteren]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 02 December 2003 23:35, Chris Gianelloni wrote:
> PuTTY can import OpenSSH keys.  You can also save out your public PuTTY
> key and send that in and it would work exactly the same.

Yes it can do both but be sure to save your public PuTTY key in openssh 
format. PuTTY uses a slightly different format which is not compatible with 
openssh. 

There's an option "export in OpenSSH format" somewhere in the puttykeygen 
utility menu's.

Just to save you the headache I've had debugging that :)

Grtz

Ramon van Alteren

ram0n@cistron.nl
PGPkey id	0xF6B58AE57C02B1AE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iJwEAQECAAYFAj/Nro4ACgkQgHBw8NvQiyStUQQAkAKJ1wc581wpdbkpl27I3FvM
Qgw4T0rFoEDjODWhnp/2DGLxgNkA80bFiYci0E0DPMkWRz+5eYTR1ME+wdafxfSp
TbvyL7wDu1E+LeFOTKMkuV4lNW7pwftdBYi5mz3iDCJJ7TiwC/KEA/XjR2OFX4uA
5awelCHppIBE/rjAqyo=
=gcVM
-----END PGP SIGNATURE-----


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] disabling password authentication on dev.gentoo.org

[Bob Miller]

James Harlow wrote:

> On Tue, Dec 02, 2003 at 02:40:16PM -0600, Matthew Kennedy wrote:
> > I hope you people not only begin to use SSH key authentication, but
> > that you also use key authentication with a well chosen pass-phrase to
> > protect your private keys.
> 
> A good site resource for the creation of secure passphrases is 
> http://diceware.com/

There's also makepasswd, in the app-admin/makepasswd package.  It
creates passWORDs, not passPHRASEs, but the amount of randomness
should be equivalent if you use at least 12 chars.

-- 
Bob Miller                              K<bob>
kbobsoft software consulting
http://kbobsoft.com                     kbob@jogger-egg.com

--
gentoo-dev@gentoo.org mailing list