Toshio Kuratomi | 19 Aug 18:36 2008

Re: reset ssh keys, even if only a public key in fedora?

Felix Schwarz wrote:
> Patrice Dumas schrieb:
>> I just received the reset password mail, and it asks me to reset my 
>> ssh key by doing ssh-keygen. However, if I recall well I only uploaded 
>> my public key to the fedora server. Why would I want to reset my key 
>> pair?
> #fedora-admin:
> (17:40:55) mmcgrath: mpdehaan: well, couple of reasons.
> (17:41:16) mmcgrath: mpdehaan: 1) we removed all the keys as an 
> affective way of disabling access everywhere while we're working
> (17:41:42) mmcgrath: and 2) we decided it wasn't a bad idea to have 
> people fix it on their own, it helps with stuff like pruning, etc.
I'm going to add a tiny bit to this:

3) The Account System code will prevent you from uploading a DSA key. 
So if your key was DSA, you'll have to generate an RSA key and upload 
that.  This is due to the fact that we haven't found a 100% accurate way 
to find all DSA keys generated by the eak-Debian-random-number-packages.

4) If you uploaded your ssh private key to a Fedora Infrastructure 
server, for instance, because you were sshing between publictest 
machines, you should replace your key as a precaution just as we are 
asking you to replace your passwords.



fedora-devel-list mailing list
fedora-devel-list <at>