Forum OpenACS Development: public key ssh login on openacs.org
We turned off public key ssh login because of this.
Allowing public key ssh login makes the openacs.org box as insecure as the least secure of all of our developer's boxes where public key ssh login. I think it's best we leave it off even though it's a bit inconvenient.
Keep in mind that Mike Sisk is sysadmin'ing the box on a volunteer basis. Those of us who've sysadmin'd it in the past have agreed to let Mike to 99% of the sysadmin work because he's a professional sysadmin, it's best to have one person in charge of keeping up to date with security releases, etc etc etc. Mike asks us for help with postgres and aolserver stuff, and myself, Jeff, Lars and a few others still maintain the CVS access control list, but the core sysadmin stuff is done by Mike.
If the box gets rooted, it will be a big inconvenience for Mike as it involves driving an hour and a half or so down to the datacenter where Furfly's boxes are hosted.
And if Mike's on a roadtrip when it is rooted, either Janine needs to take time off from MIT or openacs.org stays down until he returns or we can arrange for someone else with the needed skills to come to Waltham, Massachussets, get on the datacenter access list, and fix it.
So I think putting security first over convenience is the best thing to do.
Note that when Open Force hosted the box there was no effort to regularly keep up with security patches - Roberto did a big upgrade to a more modern Red Hat release once but there was no regular maintenance. We were just lucky we didn't get rooted under the circumstances. I'm not criticizing Open Force, they hosted the box but we all agreed to play amateur sysadmin on it as volunteers.
But it's Mike's box to run so if you or others can convince Mike to turn it back on ... it's his call.
It would be awfully nice to document that somewhere, like in the CVS instructions. A link to this thread should do the trick, but I don't see how to add it.
Months ago I must have wasted at least several hours repeatedly trying to get no-password public key ssh login to work, asking people on IRC what the heck could be wrong, etc. I'm sure many others have wasted time there too...
We were focused on server issues, like strategizing to move openacs.org off to another server so we can rebuild openacs.org's real server with a clean and known Linux install, etc and I know the folks whose server had been cracked were also really busy undoing the harm.
And many thanks to Mike and all the other volunteers for their sysadmin work of course!
to avoid entering password for cvs actions that don't modify the repository (cvs status, cvs log, cvs diff, cvs annotate etc.) you could use an alias such as
alias cvsanon="cvs -d :pserver:email@example.com:/cvsroot"