[ale] Security breach on kernel.org

[David Tomaschik]

On Thu, Sep 1, 2011 at 11:46 AM, JD <jdp at algoloma.com> wrote:
> Having the "public" ssh-keys isn't all that worrisome to me either. Am I
> missing something important?  The way that Git works is you push your
> public ssh-key to the remote server and use that for remote commands to
> the repository.  That key cannot connect back to your system. It only
> works through git or ssh commands initiated by the user. Can it be used
> to hop systems? I don't think so, not without the private key.  Sure,
> someone could swap out the git and ssh programs with Trojans. We'll know
> more about that soon enough.
<snip>
>
> Sure, I'd change my ssh-keys if I were a core contributer.  `ssh-keygen`
> isn't **that big of a deal.**  Then `ssh-copy-id` pushes the new keys to
> remote systems pretty easily.  Used it yesterday on a new VM.
>
> What am I missing?

My guess is that it's more of (as Jim alluded to) reinstalling the
pubkeys.  They don't want to copy the old ones over wholesale incase
an attacker replaced/added pubkeys to peoples authorized_keys files --
they'd just be giving him access again.

I can't think of any attack that would be made possible with a
legitimate pubkey -- after all, they're called public keys for a
reason.

(This is all just conjecture, I don't know what the thinking of the
kernel.org admins is.)

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com