Secure SSH setup, especially on build servers
- https://matrix.org/blog/2019/04/11/security-incident/
- https://github.com/matrix-org/matrix.org/issues/created_by/matrixnotorg
- https://web.archive.org/web/20190412143901/https://github.com/matrix-org/matrix.org/issues/
- https://doi.org/10.6028/NIST.IR.7966
-
determine needs of our users
- copy packages from build server to orion
- sign packages on build server
- svn?
- anything else?
-
implement solutions
-
disable all unneeded access; implement all useful security ideas from the NIST paper
-
verify that new setup is secure
Migrated from: https://kanboard.archlinux.org/project/1/task/132
Edited by Sven-Hendrik Haase