after changing my (mtoman) FAS password and SSH key, I'm not able to SSH
retrace01.fedoraproject.org anymore (pubkey, password). Login to
fedorapeople and fedorahosted works correctly. Could you look at the
problem and possibly renew my access?
Could anybody check the problem, please?
It's been 8 weeks since I reported the issue.
RHN Satellite Engineering, Red Hat
-------- Original Message --------
Subject: Permission denied (publickey)
Date: Thu, 02 Dec 2010 11:15:41 +0100
From: Tomas Lestach <tlestach(a)redhat.com>
my fedoraproject.org account is: tlestach
My Roles are:
* Signed CLA Group (user)
* Fedora CLA Group (user)
* Spacewalk Git Commit Group (administrator)
When I try to upload a tar.gz to fedorahosted.org:spacewalk, I get:
$ scp /tmp/tito/spacewalk-backend-1.3.20.tar.gz fedorahosted.org:spacewalk
Permission denied (publickey).
According to https://fedorahosted.org/web/faq, I shall have just a
fedoraproject account and a CLA, what I have.
I'm sure, my public key is correct, because I'm a member of one of the
Git Commit Groups and I have no trouble with committing, where the
public key get's verified.
Is there something I miss?
RHN Satellite Engineering, Red Hat
We would very much welcome you as a mirror. Please see http://fedoraproject.org/wiki/Infrastructure/Mirroring, and create an account for yourself in the Fedora Account System, and register your mirror in MirrorManager, our database, at https://admin.fedoraproject.org/mirrormanager . You can enter your own mirror there, and update your information as needed. Within 2 hours of adding your info to the database, you will start seeing traffic.
If you have any questions, please let us know.
Fedora Mirror Wrangler
Dell | Office of the CTO
From: mirror-admin-bounces(a)fedoraproject.org [mailto:email@example.com] On Behalf Of Gmail - Pham Duc Hoang
Sent: Tuesday, December 21, 2010 9:11 PM
To: mirror-admin(a)fedoraproject.org; fedora-infrastructure-list(a)redhat.com
Subject: New Fedora Mirror in Vietnam
We launched a new mirror for the project fedoraproject.org. You can add a mirror to the overall list. Below the information about mirror:
* My Company : DIGIPOWER Co.,ltd
* URL of mirror: http://mirrors.digipower.vn/fedora/releases
* Country where the mirror is located: VietNam
* Contact email address: support(a)digipower.vn , duchoang(a)digipower.vn
* Update frequency: 4 times a day
* Rsync repository used: mirrors.digipower.vn::fedora
* Approximate bandwidth: 100Mbps
* IP : 18.104.22.168 .
* Service : HTTP - FTP - RSYNC
* Available content : Fedora Linux 13 - 14
* Architectures : All
Best Regards ,
Mirror-admin mailing list
Where is the proper place to seek support for BFO (boot.fp.org)? I
didn't really see a component for it in Bugzilla, nor were there any
contact links on the website or in the FAQ.
I know it spawned out of Infrastructure, so also checked Trac -- that
may be the right place but thought I'd ask here first.
I have an issue with my NIC being supported. Probably can resolve
upstream, but who here would need to be pinged to implement any
Awesome work and happy that nothing bad has happened.
One question is should a password length and secure password creation
check be enforced on the FAS system. Like regular expression checks
and stuff. I know this is asking a lot, the current implementation
allows me to have a simple password if I remember(need to check) been
long. And password expiry? :)
On Tue, Jan 25, 2011 at 1:14 PM, Jared K. Smith
> Summary: Fedora infrastructure intrusion but no impact on product integrity
> On January 22, 2011 a Fedora contributor received an email from the Fedora
> Accounts System indicating that his account details had been changed. He
> contacted the Fedora Infrastructure Team indicating that he had received
> the email, but had not made changes to his FAS account. The Infrastructure
> Team immediately began investigating, and confirmed that the account had
> indeed been compromised.
> At this time, the Infrastructure Team has evidence that indicates the account
> credentials were compromised externally, and that the Fedora Infrastructure was
> not subject to any code vulnerability or exploit.
> The account in question was not a member of any sysadmin or Release Engineering
> groups. The following is a complete list of privileges on the account:
> * SSH to fedorapeople.org (user permissions are very limited on this machine).
> * Push access to packages in the Fedora SCM.
> * Ability to perform builds and make updates to Fedora packages.
> The Infrastructure Team took the following actions after being
> notified of the issue:
> 1. Lock down access to the compromised account
> 2. Take filesystem snapshots of all systems the account had access to
> (pkgs.fedoraproject.org, fedorapeople.org)
> 3. Audit SSH, FAS, Git, and Koji logs from the time of compromise to the
> Here, we found that the attacker did:
> * Change the account's SSH key in FAS
> * Login to fedorapeople.org
> The attacker did not:
> * Push any changes to the Fedora SCM or access pkgs.fedoraproject.org in
> any way
> * Generate a koji cert or perform any builds
> * Push any package updates
> Based on the results of our investigation so far, we do not believe that any
> Fedora packages or other Fedora contributor accounts were affected by this
> While the user in question had the ability to commit to Fedora SCM, the
> Infrastructure Team does not believe that the compromised account was used to
> do this, or cause any builds or updates in the Fedora build system. The
> Infrastructure Team believes that Fedora users are in no way threatened by this
> security breach and we have found no evidence that the compromise extended
> beyond this single account.
> As always, Fedora packagers are recommended to regularly review commits to
> their packages and report any suspicious activity that they notice.
> Fedora contributors are strongly encouraged to choose a strong FAS password.
> Contributors should *NOT* use their FAS password on any other websites or
> user accounts. If you receive an email from FAS notifying you of changes to
> your account that you did not make, please contact the Fedora Infrastructure
> team immediately via admin(a)fedoraproject.org.
> We are still performing a more in-depth investigation and security audit and we
> will post again if there are any material changes to our understanding.
> Jared Smith
> Fedora Project Leader
> announce mailing list
As we talked about in the infrastructure meeting (and beyond) yesterday.
I did a full rpm -Va run on every host we maintain.
the results are on puppet1 in /var/tmp/global-rpm-va
some of them are icko
I`d like to introduction myself, my name is John Bassford (irc jbass29503 on
irc.freenode.net#fedora-admin) and was looking to learn the in/outs of how
the fedora infrstucture group works and possible start to assist with small
tasks/projects to assist the fedora project. I have been a sysadmin for
about 13 years
now, working both linux and windows sides.
So please look at the info below which is what was recommended from the
fedora-wiki, and don`t be in shock.
Name: John Bassford
Time Zone/Country: Eastern/US
BasicSkills/Experiences: SystemAdministrator/Engineer, bash,perl, ldap,rpm
packaging, nagios, dns admin, fimilar with puppet
Developerskills: not really, know php, and a little java, but not python
whyJoin: to give back to opensource community, learn new technology and
ways, in general to boarden my horizons
Looking to do: observe and get a feel of the infrastructure group
and possible help with these two open tickets to start with, I think they
are small and something good for someone new to the group
to start with. (tickets 1152 and 1084 if there really is still work to be
done for them, as these active tickets are rather old)
an maybe the Nagios upgrade. (2275)
HowMuchTime: couple hours a day and/or more on a weekend.
I have some hardware to do simulated testing with, a dell server running
vmware esx (freeware) which is what I just installed fedora14 on, but
limited in disk space abou 100GB total local.