[eclipse.org-committers] SSH Auth Bot and your account security

Greetings committers,

A handful of you have SSH access to build.eclipse.org. You may have seen
the SSH Auth Bot block shell access to you from an unknown location at
some time.

Today we've had our first instance of unauthorized access. Fortunately,
the SSH Auth Bot blocked that access and prevented a potential disaster
for our data and our computer systems. But more importantly:

     _The committer informed us immediately_

If your account is blessed with shell access, we appreciate your
continued attention to the SSH Auth Bot warnings you may receive.

Moving forward, we'll be removing shell access from those accounts that
do not have a valid need for it. Basically, any project that owns a HIPP
instance has no real need for a shell, as the HIPP instance can run
shell scripts on your behalf. We'll also be adding access history to
your account page on dev.eclipse.org, so you can audit and monitor your
access to our servers.

Once pure Git is deprecated [1] and Gerrit is used for all our repos,
SSH access will be entirely eliminated for all users except a few that I
can count on my left hand. Local SSH access is our #1 security liability
at the moment.

Thanks again for being a good Eclipse citizen.

Denis


[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=452549



-- 
*Denis Roy*
@droy_eclipse