On Wednesday, 12 May 2021 23:35:44 EEST Ben Cotton wrote:
> * it has been suggested that making it easier to import SSH keys from
> popular code hosting platforms (Pagure, GitHub, GitLab, etc.) could
> provide a nice alternative to the dropped option -

Make a plugin interface for adding additional methods to obtain public keys, as 
there are a lot of different sources for those. Fedora itself has tools for PKI 
and public key based security and it would be quite low-hanging fruit to fill 
the gap between those components, in cases like this. 

The problem itself is an old one and there are known solutions for it: 
https://en.wikipedia.org/wiki/Public_key_infrastructure

Maybe that plugin slot should have some callbacks to information for the user 
interface - like hierarchical selection of country/organization and UI-labels 
to build a user interface for the user, allowing them to select the right source of keys.

For example, my public key is available from public source: 

  ldapsearch -x -h ldap.fineid.fi -b dmdName=fineid,c=fi \
      serialnumber=10000350X usercertificate

and response: 
usercertificate;binary:: MIIHMjCCBRqgAwIBAgIEO8QJwTANBgkqhkiG9w0BAQsFADCBlDELM
 AkGA1UEBhMCRkkxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtlc2t1cyBDQTEkMCIGA1UECxMbVm
 FsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTwwOgYDVQQDEzNWUksgR292LiBDQSBmb3IgQ2l0aXp
 lbiBRdWFsaWZpZWQgQ2VydGlmaWNhdGVzIC0gRzIwHhcNMTYwNjE0MDkxMzAxWhcNMjEwNjEzMjA1
 .
 .
 .

Ideally I would just choose a country and a trust provider and insert my unique 
serial number, and tadaa - root access granted. Now I have to do that 
manually.

The change itself is needed; take a look at what happens in your network-
connected host's /var/log/secure - it's a constant flow of intrusion attempts.


Tuju
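
The LDIF response shown in the message above can be decoded into certificate bytes and checked before any key is installed. This is an added example, not part of the original message or of any Fedora tool; the function names, the constructed sample entry and the comparison against a fingerprint obtained out of band are assumptions.

```python
import base64
import hashlib
import hmac


def parse_ldif_values(ldif_text, attribute):
    """Return the decoded values (bytes) of `attribute` from one LDIF entry."""
    # RFC 2849 folding: a line starting with one space continues the previous line.
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw:
            logical.append(raw)
    values = []
    for line in logical:
        name, sep, rest = line.partition(":")
        # Compare the base name, ignoring options such as ";binary".
        if not sep or name.split(";")[0].lower() != attribute.lower():
            continue
        if rest.startswith(":"):  # "::" marks a base64-encoded value
            values.append(base64.b64decode(rest[1:].strip(), validate=True))
        else:
            values.append(rest.strip().encode("utf-8"))
    return values


def matches_pin(der_bytes, pinned_sha256_hex):
    """Constant-time check of fetched bytes against a fingerprint obtained out of band."""
    digest = hashlib.sha256(der_bytes).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256_hex.lower().replace(":", ""))


# Constructed stand-in bytes, NOT a real certificate, folded the way the
# response in the message is folded (first line short, continuations indented).
SAMPLE_DER = bytes(range(256)) * 2
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_LDIF = (
    "# constructed sample entry\n"
    "dn: cn=constructed-example\n"
    "usercertificate;binary:: " + _b64[:50] + "\n"
    + "".join(" " + _b64[i:i + 77] + "\n" for i in range(50, len(_b64), 77))
)

if __name__ == "__main__":
    cert = parse_ldif_values(SAMPLE_LDIF, "userCertificate")[0]
    pin = hashlib.sha256(SAMPLE_DER).hexdigest()  # stands in for a pinned value
    print(len(cert), "bytes, pin match:", matches_pin(cert, pin))
```

The query in the message uses an anonymous simple bind (`-x`) with no TLS option, so the response is not authenticated in transit. That is why the bytes are compared against a pinned fingerprint (or validated against the issuing CA chain) before being trusted.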

