Sad to see another compromise of a Debian host machine. Sad because there exist people who do this, rather than because we got caught out.
Would now be a good time to suggest restricting *.debian.org to key-based-logins only, and avoiding SSH password logins?
I don't know if all the services could be updated but I figure most could.
Yes this does mandate keeping an SSH key secure, and private, but we already require Debian Developers to do the same thing for a GPG key. Right?
Hell publish your public and private keypairs encrypted to your GPG key ;)
Right that is my post for the day.
- Community adverts seem to be working out nicely. Suprising clickthough rate, I was expecting higher.
- xen hosting work is progressing. Almost at decision time.
No tags No comments