Re: [eclipse.org-committers] SSH Auth Bot and your account security
As a quick follow-up: if you have a HIPP instance and a shell account,
we won't automatically revoke your shell. I apologize if my wording
convinced you otherwise.

We know who you are and we know who uses the shell and who doesn't.
We're paranoid but smart.

Denis

On 01/15/2016 11:45 AM, Denis Roy wrote:
> Greetings committers,
>
> A handful of you have SSH access to build.eclipse.org. You may have seen
> the SSH Auth Bot block shell access to you from an unknown location at
> some time.
>
> Today we've had our first instance of unauthorized access. Fortunately,
> the SSH Auth Bot blocked that access and prevented a potential disaster
> for our data and our computer systems. But more importantly:
>
> _The committer informed us immediately_
>
> If your account is blessed with shell access, we appreciate your
> continued attention to the SSH Auth Bot warnings you may receive.
>
> Moving forward, we'll be removing shell access from those accounts who
> do not have a valid need for it. Basically, any project that owns a HIPP
> instance has no real need for a shell, as the HIPP instance can run
> shell scripts on your behalf. We'll also be adding access history to
> your account page on dev.eclipse.org, so you can audit and monitor your
> access to our servers.
>
> Once pure Git is deprecated [1] and Gerrit is used for all our repos,
> SSH access will be entirely eliminated for all users except a few that I
> can count on my left hand. Local SSH access is our #1 security liability
> at the moment.
>
> Thanks again for being a good Eclipse citizen.
>
> Denis
>
>
> [1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=452549
>
>
>