Re: [] SSH Auth Bot and your account security

As a quick follow-up: if you have a HIPP instance and a shell account,
we won't automatically revoke your shell. I apologize if my wording
convinced you otherwise.

We know who you are and we know who uses the shell and who doesn't.
We're paranoid but smart.


On 01/15/2016 11:45 AM, Denis Roy wrote:
> Greetings committers,
> A handful of you have SSH access to You may have seen
> the SSH Auth Bot block shell access to you from an unknown location at
> some time.
> Today we've had our first instance of unauthorized access. Fortunately,
> the SSH Auth Bot blocked that access and prevented a potential disaster
> for our data and our computer systems. But more importantly:
>      _The committer informed us immediately_
> If your account is blessed with shell access, we appreciate your
> continued attention to the SSH Auth Bot warnings you may receive.
> Moving forward, we'll be removing shell access from those accounts who
> do not have a valid need for it. Basically, any project that owns a HIPP
> instance has no real need for a shell, as the HIPP instance can run
> shell scripts on your behalf. We'll also be adding access history to
> your account page on, so you can audit and monitor your
> access to our servers.
> Once pure Git is deprecated [1] and Gerrit is used for all our repos,
> SSH access will be entirely eliminated for all users except a few that I
> can count on my left hand. Local SSH access is our #1 security liability
> at the moment.
> Thanks again for being a good Eclipse citizen.
> Denis
> [1]
