Re: [eclipse.org-committers] SSH Auth Bot and your account security

As a quick follow-up: if you have a HIPP instance and a shell account,
we won't automatically revoke your shell. I apologize if my wording
convinced you otherwise.

We know who you are and we know who uses the shell and who doesn't.
We're paranoid but smart.

Denis



On 01/15/2016 11:45 AM, Denis Roy wrote:
> Greetings committers,
> 
> A handful of you have SSH access to build.eclipse.org. You may have seen
> the SSH Auth Bot block shell access to you from an unknown location at
> some time.
> 
> Today we've had our first instance of unauthorized access. Fortunately,
> the SSH Auth Bot blocked that access and prevented a potential disaster
> for our data and our computer systems. But more importantly:
> 
>      _The committer informed us immediately_
> 
> If your account is blessed with shell access, we appreciate your
> continued attention to the SSH Auth Bot warnings you may receive.
> 
> Moving forward, we'll be removing shell access from those accounts who
> do not have a valid need for it. Basically, any project that owns a HIPP
> instance has no real need for a shell, as the HIPP instance can run
> shell scripts on your behalf. We'll also be adding access history to
> your account page on dev.eclipse.org, so you can audit and monitor your
> access to our servers.
> 
> Once pure Git is deprecated [1] and Gerrit is used for all our repos,
> SSH access will be entirely eliminated for all users except a few that I
> can count on my left hand. Local SSH access is our #1 security liability
> at the moment.
> 
> Thanks again for being a good Eclipse citizen.
> 
> Denis
> 
> 
> [1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=452549
> 
> 
> 

