Hi,
Hmm.
Just checked the CE here and found that at 12:43 today someone copied
ssh keys into ~/.ssh
This seems fairly clearly an abuse of someones certificate.
I am entirely happen to 'name' this person. I suggest other sites may
want to check ls -latrh /home/*/.ssh
Owen.
Dan Schrager wrote:
> I could give you the details of the certificate.
> There is someone that had tried to bypass the certificate authentication
> by inserting ssh keys into the ~/.ssh directory to which it had been
> mapped on our public CE.
>
> Until further checks I will postpone the "name and shame" policy...
>
>
>
> Bly, MJ (Martin) wrote:
>
>> I suppose it is politic to ask: if you feel the need to urgently
>> blacklist a user, should we all be doing the same?
>> Martin.
>>
>> -----Original Message-----
>> From: LHC Computer Grid - Rollout
>> [mailto:[log in to unmask]] On Behalf Of Dan Schrager
>> Sent: Monday, June 13, 2005 3:57 PM
>> To: [log in to unmask]
>> Subject: [LCG-ROLLOUT] How to blacklist a certificate at site level ??
>>
>>
>> Hi everybody,
>>
>> There is an urgent need at our site to blacklist a certificate.
>>
>> Please advice how can this be done at local, gatekeeper(?) level.
>>
>> Regards,
>> Dan
>>
>>
--
=======================================================
Dr O J E Maroney # London Tier 2 Technical Co-ordinator
Tel. (+44)20 759 47802
Imperial College London
High Energy Physics Department
The Blackett Laboratory
Prince Consort Road, London, SW7 2BW
====================================
|