[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] Storing private keys in Git

Greetings,

You may have heard the story[1] where hundreds of SSH private keys were stored in Github repositories. With the private key, anyone who knows the hostname and the user ID can access the target computer, unchallenged.

Someone has discovered SSH private keys on git.eclipse.org.

Since User IDs and server names are not at all hidden at eclipse.org, I'd like to remind you that it's extremely important to ensure you do not store your keys in Git repositories.  Many eclipse.org committers have shell accounts, which could potentially be dangerous.

Thank you for being extra vigilant with the care of your keys.

Denis


[1] http://it.slashdot.org/story/13/01/25/132203/github-kills-search-after-hundreds-of-private-keys-exposed

--
Denis Roy
Director, IT Services
Eclipse Foundation, Inc. -- http://www.eclipse.org/
Office: 613.224.9461 x224 (Eastern time)
denis.roy@xxxxxxxxxxx

EclipseCon
          2013

PNG image