So recently GitHub has changed its policy and only allows SSH keys for authentication.
So I added a public SSH key from an outside contributor to my account, but will this give this outside contributor full access to all my repos with read/write permissions?
This outside contributor should only have access to a certain repo in my account, not other repos.
So my concern is: will adding this SSH key allow her to have full access?
Please help me understand how exactly adding an SSH key will compromise the account security.
Thanks in advance.
It is not the case that GitHub has changed to allow only SSH keys for authentication. GitHub used to allow users to use a username and password over HTTPS if they were not using 2FA, a username and personal access token over HTTPS, or SSH using an SSH key. The only thing that has changed is that you can no longer use a username and password for HTTPS; you must use a personal access token instead of a password if you wish to use HTTPS.
If you give another user one of your personal access tokens or add one of their SSH keys to your account, they will have access to all of your repositories. This is insecure, and so you should not do it.
Instead, you should grant your contributor access using the Manage Access interface, and make sure they can access the repository using their own account. If they are using HTTPS, then they may need to either switch to SSH by changing the URL with git remote set-url origin git@github.com:owner/name.git (replacing owner and name) or just follow the directions outlined in this answer.
The fact that a contributor cannot access their own account is an issue that they need to address instead of having them access your account.
Yes, putting someone else's ssh key in your account will give them full access to all your repositories.
If you want to grant someone else access to your repositories, don't add their SSH key anywhere. Just set up the access permissions on your repositories to grant access to their GitHub account. You can find access permissions by going to "Settings" and then selecting "Manage access" (this will take you to something like https://github.com/yourname/yourrepo/settings/access).
You'll find some documentation on this process here.
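Since a key added to an account is account-wide rather than per-repository, the practical defence is to know exactly which keys are on the account. The following script is an added example (not code from either answer above): it parses an OpenSSH public-key listing, computes each key's SHA256 fingerprint the way ssh-keygen -l prints it, and flags any key whose fingerprint is not on an allow-list you maintain. GitHub publishes an account's public keys as plain text at https://github.com/<username>.keys; the listing below is a constructed sample embedded inline so the script runs offline, and the key blobs are built from made-up bytes, not real keys.

```python
# Added example: audit the public keys on an account against an allow-list of
# fingerprints, so a key you do not recognise (for instance a contributor's key
# added "for convenience") stands out. Not code from the original answers.
import base64
import hashlib
import struct


def _ed25519_blob(raw32: bytes) -> str:
    """Build a base64 OpenSSH key blob from a constructed 32-byte value.
    Wire format: length-prefixed string "ssh-ed25519", then the length-prefixed key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32
    return base64.b64encode(blob).decode()


# Constructed sample listing in the format of https://github.com/<user>.keys
# plus the comment column an authorized_keys file would carry.
SAMPLE_KEYS = "\n".join([
    f"ssh-ed25519 {_ed25519_blob(bytes(range(32)))} laptop",
    f"ssh-ed25519 {_ed25519_blob(bytes(range(100, 132)))} contributor",
])


def parse_keys(listing: str) -> list[tuple[str, str, str]]:
    """Return (key_type, base64_blob, comment) for each non-empty, non-comment line."""
    keys = []
    for line in listing.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key_type, blob = parts[0], parts[1]
        comment = parts[2] if len(parts) == 3 else ""
        keys.append((key_type, blob, comment))
    return keys


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (base64, no padding)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(blob_b64: str) -> str:
    """Read the key type encoded inside the blob (its first length-prefixed string)."""
    raw = base64.b64decode(blob_b64)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode()


def audit(listing: str, allowed_fingerprints: set[str]) -> list[dict]:
    """Flag keys that are not on the allow-list, or whose declared type does not
    match the type inside the blob (a sign of a hand-edited or corrupted entry)."""
    findings = []
    for key_type, blob, comment in parse_keys(listing):
        fp = fingerprint(blob)
        problems = []
        if fp not in allowed_fingerprints:
            problems.append("not in allow-list")
        if blob_key_type(blob) != key_type:
            problems.append("declared type does not match blob")
        if problems:
            findings.append({"comment": comment, "fingerprint": fp, "problems": problems})
    return findings


if __name__ == "__main__":
    # The operator expects only the laptop key on this account.
    allowed = {fingerprint(parse_keys(SAMPLE_KEYS)[0][1])}
    for finding in audit(SAMPLE_KEYS, allowed):
        print(f"UNEXPECTED KEY '{finding['comment']}' {finding['fingerprint']}: "
              f"{', '.join(finding['problems'])}")
```

To audit a real account, replace SAMPLE_KEYS with the text fetched from the .keys URL and fill the allow-list with the fingerprints of keys you generated yourself; anything else on the list is a key that can push to every repository the account owns.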
If I enable SSH authentication for an Azure DevOps organization, will that enforce (only allow) SSH key pairs to be used for Git authentication requests, explicitly? Or will existing OAuth tokens still work as intended after enabling SSH keys? In my scenario, currently, SSH authentication is disabled and Third-party application access via OAuth is enabled going into this question. Thanks for your time. (Options found under: Azure DevOps > Organization Settings (bottom left) > Policies (left middle))
I am assuming enabling both allows for either to be used, but want to confirm before potentially blocking developers from being able to push code.
I would like all developer workstations to use SSH key authentication instead of OAuth, and don't want to put a wrench in their system in the meantime. Also I much prefer using private key authentication simply because of the inherent security benefits of using asymmetric cryptography.
It's safe to enable. We have it enabled in our organization, and almost none of us actually have added SSH keys. We're pretty much exclusively OAuth.
By default, your organization allows access for all authentication methods (OAuth, SSH authentication, PATs). You can limit access, but you must specifically restrict access for each method. When you deny access to an authentication method, no application can access your organization. Any app that previously had access gets an authentication error and has no access to your organization.
So enabling SSH authentication will not affect OAuth authentication.
Here is the official document you can refer to.
We currently host >50 client sites within cPanel which we manage via SFTP using separate account username + passwords for each. It would be beneficial for us to switch to a key-based login and disable passwords.
How would you go about doing this so you could log in to any one of the client sites? The clients themselves never have access, which is limited to our in-house developers.
Would it be a bad idea to share a single key between all of them?
Yes, it's a very bad idea to use the same key for all 50 of your sites. I would suggest you create a separate key for each of your sites and use that to log in instead of a password.
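One way to put the per-site-key advice into practice, as an added example that is not part of the answer above: a small generator that names one key pair per client site, emits the ssh-keygen commands to create them, and writes the matching ~/.ssh/config blocks. The site names and hostnames are constructed, and the key directory ~/.ssh/clients is an assumption. The point worth noting in the config is IdentitiesOnly: with 50 keys loaded, ssh would otherwise offer every key to every server, and a server's MaxAuthTries limit can reject the login before the right key is tried.

```python
# Added example (not from the original answer): one key per client site plus an
# ssh config that pins each site to its own key.
import os
import re
import shlex

# Constructed: cPanel username -> hostname of the client site.
SITES = {
    "clientalpha": "alpha.example.com",
    "clientbeta": "beta.example.com",
}

KEY_DIR = "~/.ssh/clients"  # assumed location; ssh expands ~ in IdentityFile


def key_path(site: str, key_dir: str = KEY_DIR) -> str:
    """Path of the private key for one site; refuses names that could smuggle
    shell or path characters into the generated commands."""
    if not re.fullmatch(r"[a-z0-9_-]+", site):
        raise ValueError(f"unsafe site name: {site!r}")
    return f"{key_dir}/{site}_ed25519"


def keygen_commands(sites: dict) -> list[str]:
    """ssh-keygen invocations, one key per site. No -N is passed, so ssh-keygen
    prompts for a passphrase instead of writing an unencrypted private key."""
    commands = []
    for site, host in sites.items():
        path = os.path.expanduser(key_path(site))
        comment = f"{site}@{host}"
        commands.append(
            f"ssh-keygen -t ed25519 -f {shlex.quote(path)} -C {shlex.quote(comment)}"
        )
    return commands


def build_ssh_config(sites: dict) -> str:
    """Host blocks that bind each site to its own key and disable password
    fallback on the client side; revoking a client means deleting one key."""
    blocks = []
    for site, host in sites.items():
        blocks.append("\n".join([
            f"Host {site}",
            f"    HostName {host}",
            f"    User {site}",
            f"    IdentityFile {key_path(site)}",
            "    IdentitiesOnly yes",
            "    PasswordAuthentication no",
        ]))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print("\n".join(keygen_commands(SITES)))
    print()
    print(build_ssh_config(SITES))
```

After running the printed ssh-keygen commands and appending the config to ~/.ssh/config, each site is reached with ssh clientalpha (or sftp clientalpha), and only that site's public key needs to be installed in that cPanel account before password login is disabled.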
I'm running GitLab and ownCloud on my webserver. I use it mainly for myself, but I want to let some of my friends use it for some projects. My problem: I want to centralize the authentication process. This means I only want one account for ownCloud and GitLab. I know both support LDAP as an authentication backend. However, are there any restrictions that I might encounter?
GitLab CE only allows one LDAP server and one base DN, so keep that in mind when you decide how to organize your domain. ownCloud, on the other hand, supports multiple servers and base DNs. Don't forget to create a user which will read from the Active Directory to check credentials.
I am a newbie to Web Host Manager (WHM). My client has 2 websites hosted on the same server. He has given me the credentials for cPanel and WHM. Now when I want to change some setting or access any configuration file over SSH using the user created for a specific account, it blocks me, saying this user account does not have the privilege to do so. Is there a way I can get root user privileges?
It's not possible to assign all root privileges to any normal cPanel account. If you have WHM access, then log in to your WHM and enable shell access for the particular account which you want to access through SSH; after that you can log in over SSH with that user's details.
I have integrated Milton WebDAV with Hadoop HDFS and am able to read/write files to the HDFS cluster.
I have also added the authorization part using Linux file permissions so only authorized users can access the HDFS server; however, I am stuck at the authentication part.
It seems Hadoop does not provide any built-in authentication and the users are identified only through the Unix 'whoami', meaning I cannot enable a password for the specific user.
ref: http://hadoop.apache.org/common/docs/r1.0.3/hdfs_permissions_guide.html
So even if I create a new user and set permissions for it, there is no way to identify whether the user is authenticated or not. Two users with the same username and different passwords have access to all the resources intended for that username.
I am wondering if there is any way to enable user authentication in HDFS (either intrinsic in any new Hadoop release or using a third-party tool like Kerberos etc.).
Edit:
OK, I have checked and it seems that Kerberos may be an option, but I just want to know if there is any other alternative available for authentication.
Thanks,
-chhavi
Right now Kerberos is the only supported "real" authentication protocol. The "simple" protocol completely trusts the client's whoami information.
To set up Kerberos authentication I suggest this guide: https://ccp.cloudera.com/display/CDH4DOC/Configuring+Hadoop+Security+in+CDH4
msktutil is a nice tool for creating Kerberos keytabs on Linux: https://fuhm.net/software/msktutil/
When creating service principals, make sure you have correct DNS settings, i.e. if you have a server named "host1.yourdomain.com" that resolves to IP 1.2.3.4, then that IP should in turn resolve back to host1.yourdomain.com.
Also note that Kerberos Negotiate authentication headers might be larger than Jetty's built-in header size limit; in that case you need to modify org.apache.hadoop.http.HttpServer and add ret.setHeaderBufferSize(16*1024); in createDefaultChannelConnector(). I had to.
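The forward/reverse DNS requirement in the answer above is easy to get wrong on a cluster, and the symptom (a wrong-principal failure when the client builds the service principal from the name it resolved) is hard to read back to its cause. The script below is an added example, not code from the answer: it resolves each host name forward, resolves the resulting address back, and reports any host whose reverse record does not return the same name. The resolver functions are injectable so that the offline demonstration uses constructed DNS tables (the entries for host1.yourdomain.com and 1.2.3.4 follow the answer; host2 and vm-legacy are made up); run without arguments it uses the system resolver via the socket module.

```python
# Added example (not from the original answer): verify forward/reverse DNS
# consistency for hosts that will receive Kerberos service principals.
import socket


def check_host(hostname, forward=None, reverse=None):
    """Return (ok, details) for one host.
    forward(name) -> IP string; reverse(ip) -> canonical host name.
    Both default to the system resolver; both may raise OSError on failure."""
    forward = forward or socket.gethostbyname
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    name = hostname.rstrip(".").lower()
    try:
        ip = forward(name)
    except OSError as exc:
        return False, f"{name}: forward lookup failed ({exc})"
    try:
        back = reverse(ip).rstrip(".").lower()
    except OSError as exc:
        return False, f"{name} -> {ip}: reverse lookup failed ({exc})"
    if back != name:
        return False, f"{name} -> {ip} -> {back}: reverse record does not match"
    return True, f"{name} -> {ip} -> {back}: consistent"


def check_hosts(hostnames, forward=None, reverse=None):
    """Map each host to its (ok, details) result; fix every False entry
    before cutting keytabs for that host."""
    return {h: check_host(h, forward, reverse) for h in hostnames}


# Constructed DNS tables for the offline demonstration.
FORWARD = {"host1.yourdomain.com": "1.2.3.4", "host2.yourdomain.com": "1.2.3.5"}
REVERSE = {"1.2.3.4": "host1.yourdomain.com", "1.2.3.5": "vm-legacy.yourdomain.com"}


def table_forward(name):
    """Stand-in for gethostbyname backed by the constructed FORWARD table."""
    if name not in FORWARD:
        raise socket.gaierror(f"no A record for {name}")
    return FORWARD[name]


def table_reverse(ip):
    """Stand-in for gethostbyaddr backed by the constructed REVERSE table."""
    if ip not in REVERSE:
        raise socket.herror(f"no PTR record for {ip}")
    return REVERSE[ip]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        results = check_hosts(sys.argv[1:])            # real resolver
    else:
        results = check_hosts(FORWARD, table_forward, table_reverse)  # offline demo
    for host, (ok, details) in results.items():
        print(("OK   " if ok else "FAIL ") + details)
```

In the offline run host1 passes and host2 fails because its PTR record names a different machine; on a real cluster, pass every NameNode, DataNode and gateway host name as arguments and fix DNS until nothing prints FAIL.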