Linux Kernel Git Repositories Add 2-Factor Authentication

Posted by samzenpus
from the locking-things-down dept.
LibbyMC writes: For a few years now Linux kernel developers have followed a fairly strict authentication policy for those who commit directly to the git repositories housing the Linux kernel. Each is issued their own ssh private key, which then becomes the sole way for them to push code changes to the git repositories hosted at kernel.org. While using ssh keys is much more secure than just passwords, there are still a number of ways for ssh private keys to fall into malicious hands. So they've further tightened access requirements with two-factor authentication using YubiKeys.

  • by tota (139982) on Tuesday August 19, 2014 @02:48AM (#47701477)
    The user is not issued a key, he generates one and gives it to the repository administrator to get ssh access. This process is called *generating* a key, and you can publish the public key to anyone, including the repository administrator, who will then use it to grant you access. The private key, however, should remain private.

    The point is that only *you* should ever have access to the private key; having someone else generate it (as is suggested by the wording in this article) would be very unusual, as you would not want to use this key for anything else, and someone else would have your private key for no good reason. Someone could even potentially use this key to fake your identity in commits.

    The problematic wording is here: "Each is issued their own ssh private key".