[Buildbot] #3004: No passwords anywhere
Buildbot trac
trac at buildbot.net
Sat Nov 22 17:55:38 UTC 2014
#3004: No passwords anywhere
-------------------+--------------------------------
Reporter: dustin | Owner:
Type: task | Status: new
Priority: major | Milestone: sys - on-bb-infra
Version: | Resolution:
Keywords: |
-------------------+--------------------------------
Old description:
> Shared passwords suck. When people come and go, you have to change them.
> It's a nightmare.
>
> Proposal:
>
> * SSH key access for admins to named accounts (dustin, amar, mss, etc.)
> on each host
> * passwordless sudo access
> * `ALL` for admins
> * `jexec <appropriate jail> sh` for non-admins with access to a single
> jail
> * No root logins via SSH
> * Root password locked or at least unknown to anyone
>
> I'd be happy to add a free 2FA provider to this to complement the SSH
> keys -- but let's do that once the baseline is in place.
New description:
Shared passwords suck. When people come and go, you have to change them.
It's a nightmare.
Proposal:
* SSH key access for admins to named accounts (dustin, amar, mss, etc.)
on each host [DONE]
* passwordless sudo access
* `ALL` for admins [DONE]
* `jexec <appropriate jail> sh` for non-admins with access to a single
jail
* No root logins via SSH
* Root password locked or at least unknown to anyone
I'd be happy to add a free 2FA provider to this to complement the SSH keys
-- but let's do that once the baseline is in place.
--
Comment (by dustin):
ssh keys, too.
Amar and I know the root password -- we should change that to something
more complex, using Ansible.
--
Ticket URL: <http://trac.buildbot.net/ticket/3004#comment:4>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the bugs
mailing list