On 05/15/2017 03:52 PM, Kevin A. McGrail wrote:
Hi Bryan,

A) My default answer is always going to be add it to the wiki with sensitive portions redacted and point to SVN files that are encrypted. This follows in kind to how extremely, sensitive items

B) In my line of work, it is absolutely a failure of any security audit to use a default password. It also shouldn't be written even on this list.

I have changed the default admin password and will put it in the sysadmins repo properly encrypted.


What you should do is use the pub key at http://people.apache.org/~kmcgrail/ and encrypt a file with the password. <soapbox>Ideally, you already have a key for me that chains to a circle of trust so you know for sure it's me. They actually have key signing parties and stuff for this. I've found it to be a PITA and doesn't make me feel better that the key is valid. It's not like we are trained in verifying fake IDs so it's nothing but an illusion of trust.</soapbox>

Dave, can you decrypt https://svn.apache.org/repos/asf/spamassassin/sysadmins/accounts/example.enc? There is a example.enc.README to help explain more of the process.


My concern is I can sign it with your (Kevin's) key and even Brian's key so the two of you can open it but what happens if another 5 or 10 years go by and we 3 are no longer volunteering as SA sysadmins? The next generation of sysadmins won't be able to open these files.

There has to be a better way where we use an encrypted file with a master password that we share and is recorded in a save place for the future.

I use LastPass for this and I have my master password in an envelope in a safe for my wife to open in the event I am no longer on this planet. I have instructed her to take this envelope to any of my techie friends and they would know how to help her get access of all of my online accounts. We need something like this for this team.


*Reminder: *Bryan, you need to get your public key on http://people.apache.org/~bvest/

Regards,
KAM

On 5/15/2017 4:01 PM, Dave Jones wrote:
I setup nesedit and wanted to pass this along. We can put this in the wiki after we have properly vetted any security issues but I think I have it pretty secure.

1. Open an SSH tunnel from your desktop:

ssh -f sa-vm1.apache.org -L 8090:localhost:8090 -N

2. Open http://localhost:8090 from your desktop browser

3. Login with admin/admin

Do we need to change the default admin password? My thought was it's not externally accessible (port 8090 listens on 127.0.0.1 and this port is not opened on the local firewall) and everyone on the server is trusted by SSH keys and has root access anyway.

I think it's secure from the outside and the default admin password is fine in this case.



Reply via email to