Didn't see this in the Python-SF-FAQ and SF's docs are pretty mum on the subject... How do I change the password I use when ssh-ing into SF machines? I used the [change password] form from my SF web page, but when I ssh in to the compile farm it still wants my old password. Running the passwd command after logging into a compile farm machine results in "authentication failure" using both my old and new passwords. Is there perhaps some other machine I should login to? (For those of you not involved with the python.org website, this has immediate practical implications, because it appears one of the python.org machines was broken into.) Thx, Skip
"SM" == Skip Montanaro <skip@pobox.com> writes:
SM> Didn't see this in the Python-SF-FAQ and SF's docs are pretty SM> mum on the subject... How do I change the password I use when SM> ssh-ing into SF machines? I used the [change password] form SM> from my SF web page, but when I ssh in to the compile farm it SM> still wants my old password. Running the passwd command after SM> logging into a compile farm machine results in "authentication SM> failure" using both my old and new passwords. Is there SM> perhaps some other machine I should login to? SM> (For those of you not involved with the python.org website, SM> this has immediate practical implications, because it appears SM> one of the python.org machines was broken into.) The machine that was hacked was an ancient Solaris machine that hosted the Ultraseek server, i.e. search.python.org. I'm sure it was running an ancient version of sshd and Apache, but I doubt that that machine can be used to exploit other python.org machines. So as long as you didn't type your username and password in the basic auth window, I don't think you're password is vulnerable. I doubt you had an account on that machine anyway (not sure though). -Barry
SM> (For those of you not involved with the python.org website, this has SM> immediate practical implications, because it appears one of the SM> python.org machines was broken into.) BAW> The machine that was hacked was an ancient Solaris machine that BAW> hosted the Ultraseek server, i.e. search.python.org. I'm sure it BAW> was running an ancient version of sshd and Apache, but I doubt that BAW> that machine can be used to exploit other python.org machines. I suspect you're right (and, no, I didn't enter anything into the auth form). Still, this is as good an excuse as any to trot around changing passwords. :-) Skip
Skip Montanaro <skip@pobox.com> writes:
Didn't see this in the Python-SF-FAQ and SF's docs are pretty mum on the subject... How do I change the password I use when ssh-ing into SF machines? I used the [change password] form from my SF web page, but when I ssh in to the compile farm it still wants my old password.
That may be one of the cron jobs - it may take some time for a password change to propagate on SF. In any case, I recommend to upload an SSH public key, so you don't need to type passwords anymore. Regards, Martin
participants (3)
-
barry@zope.com
-
martin@v.loewis.de
-
Skip Montanaro