Fedora Project Forces Users to Change Password & ssh Key

The Fedora Project has posted an announcement advising current users of the Fedora Account System to change their password and SSH public key before 30 November or risk their accounts being marked as inactive. The information was posted to the Fedora "announce" mailing list by Infrastructure Lead Kevin Fenzi, who stated that the change was "due to the large number of high profile sites with security breaches in recent months". Recently reported breaches include those of WineHQ, The Linux Foundation and kernel.org. The new move is precautionary, and is not due to any "specific compromise or vulnerability in Fedora Infrastructure".
The request sets out the requirement for passwords of at least 9 characters in length (20 if only lowercase characters are used) and notes that a new SSH public key must also be generated to avoid an account being marked as inactive. The announcement also includes a "Do's and Don'ts" section with several tips for increasing personal security. Instructions for changing Fedora Account System passwords and SSH public keys can be found in the Q&A section of the announcement.
According to Fedora:-
"All existing users of the Fedora Account System (FAS) at https://admin.fedoraproject.org/accounts are required to change their password and upload a NEW ssh public key before 2011-11-30. Failure to do so may result in your account being marked inactive. Passwords changed and NEW ssh public keys uploaded after 2011-10-10 will meet this requirement.

Background and Reasoning:-

This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure. Rather, we believe, due to the large number of high profile sites with security breaches in recent months, that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to make them harder to guess.

New Password Rules:-

  • Nine or more characters with lower and upper case letters, digits and punctuation marks.
  • Ten or more characters with lower and upper case letters and digits.
  • Twelve or more characters with lower case letters and digits.
  • Twenty or more characters with all lower case letters.
  • No maximum length.

Some Do's and Don'ts:-

  • NEVER store your ssh private key on a shared or public system.
  • ALWAYS use a strong passphrase on your ssh key.
  • If you must store passwords, use an application specifically for this purpose like revelation, gnome-keyring, seahorse, or keepassx.
  • Regularly apply your operating system's security related updates.
  • Only use ssh agent forwarding when needed (.ssh/config: "ForwardAgent no").
  • DO verify ssh host keys via dnssec protected dns (.ssh/config: "VerifyHostKeyDNS yes").
  • DO consider a separate ssh key for Fedora Infrastructure.
  • Work with and use security features like SELinux and iptables.
  • Review the Community Standard Infrastructure security document."

-News Source (Fedora Project & The H)
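
The tiered password rules quoted above can be checked mechanically. The following Python code is an added example, not code from Fedora or the Fedora Account System. It assumes that a tier applies whenever a password contains at least that tier's character classes, and that any character other than an ASCII letter or digit counts as punctuation; the function names and sample passwords are constructed for illustration.

```python
import string

# (required character classes, minimum length), from the announcement's four tiers.
TIERS = [
    ({"lower", "upper", "digit", "punct"}, 9),
    ({"lower", "upper", "digit"}, 10),
    ({"lower", "digit"}, 12),
    ({"lower"}, 20),
]


def char_classes(password):
    """Return the set of character classes that appear in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            # Assumption: anything else (punctuation, space, non-ASCII) counts as "punct".
            classes.add("punct")
    return classes


def check_password(password):
    """Return (ok, message). No maximum length is enforced, as in the rules."""
    classes = char_classes(password)
    # Assumption: a tier applies when the password contains at least that
    # tier's classes, so adding a class never turns a pass into a fail.
    usable = [minimum for required, minimum in TIERS if required <= classes]
    if not usable:
        return False, "no tier applies: lower case letters are required by every tier"
    needed = min(usable)
    if len(password) < needed:
        return False, f"needs {needed} characters for {sorted(classes)}, has {len(password)}"
    return True, f"meets the {needed}-character tier"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the announcement.
    for sample in ["Abcdefgh1", "Tr0ub4dor&3", "abcdefghijk1", "correcthorsebatterystaple"]:
        print(repr(sample), check_password(sample))
```

Under these assumptions a 20-character digits-only password is rejected, because every tier in the announcement includes lower case letters.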

