Fernando K pushed to branch main at Root / Serviços / Hosts Conf Commits: f061c95d by Fernando Monteiro Kiotheka at 2025-08-06T16:12:33-03:00 feat: remove trusted user CA keys from sshd_config - - - - - fa13a69f by Fernando Monteiro Kiotheka at 2025-08-06T16:13:15-03:00 fix: remove TrustedUserCAKeys from hosts - - - - - d7d8e7f7 by Fernando Monteiro Kiotheka at 2025-08-06T16:13:28-03:00 Delete mecreddev - - - - - 6 changed files: - defaults/ssh/sshd_config - defaults/ssh/trusted-user-ca-keys.pem - hosts/c3hpc.c3sl.ufpr.br/sshd_config - hosts/lasi.c3sl.ufpr.br/sshd_config - − hosts/mecreddev.c3sl.ufpr.br/users.yml - − hosts/mecreddev.c3sl.ufpr.br/users.yml.old Changes: ===================================== defaults/ssh/sshd_config ===================================== @@ -37,9 +37,6 @@ StrictModes yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/root_keys .ssh/authorized_keys -# Trusted keys of openbao.c3sl.ufpr.br -TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem - # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts ===================================== defaults/ssh/trusted-user-ca-keys.pem ===================================== @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHTuCVsFNOHlNKviBoQGbrM/6r02TiyH6FXcrZA0W8TD+mQi4tcYZaH8o1zaS0LmdDgCjZEdj3+9kVROQg2P4xhF/RSB4LSd2ofkyI7CWUXKgYmuEOeOe6+/BGG5Pm/1CV9UQWAF+U1s5vkcgS6wRkpqkPs3i+oY17IKLOy/mRX6hFxLVgeQWBCfm4rZB5Tc+ke1ioYKxdEgidciG4qpNfHIENUZ9foc2brQMxFJCmFvwc8t1rngG7KYzKx0ARvM0Z0vmAQ+jHUfCrMU1tNaXLDoKldjvfqlg5cPZDQG554fADoR8v9WoGdfaiUIC1wf6oZK5lW2sNWFaalv9xbIlO6bOLbmCSKNgNwTdlkWJSc+kaFM3YtMOt9nh8Ldnl8JIEN7kAUpksc5XOP35RdTWPQlrpXpUwcWuGmjh2AYHH2rFzZrAgH6cuIJrsRvtFLkEcCYLpfFnET9h3KcDvPX991Pg3XEe1MLr25rWe6rr2TG4nywiF4U6YPpmMrfo+p7UdgdWFxciyq8dUI+ESaTHmoJPpVzW34+/GCGwbpi5Xt2vwKdGD6+cHDMkcjciVuh+9v/N8eiU5ll93wfhSC+Ehe0LyZWpqgsE4hX8NisQoTBKwDBSQ6U86PPmzaRkOLWz7h3G+StOJsMVVzkz3kmGhbRmNriC/JgvlpIRYj9Uk/w== +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHTuCVsFNOHlNKviBoQGbrM/6r02TiyH6FXcrZA0W8TD+mQi4tcYZaH8o1zaS0LmdDgCjZEdj3+9kVROQg2P4xhF/RSB4LSd2ofkyI7CWUXKgYmuEOeOe6+/BGG5Pm/1CV9UQWAF+U1s5vkcgS6wRkpqkPs3i+oY17IKLOy/mRX6hFxLVgeQWBCfm4rZB5Tc+ke1ioYKxdEgidciG4qpNfHIENUZ9foc2brQMxFJCmFvwc8t1rngG7KYzKx0ARvM0Z0vmAQ+jHUfCrMU1tNaXLDoKldjvfqlg5cPZDQG554fADoR8v9WoGdfaiUIC1wf6oZK5lW2sNWFaalv9xbIlO6bOLbmCSKNgNwTdlkWJSc+kaFM3YtMOt9nh8Ldnl8JIEN7kAUpksc5XOP35RdTWPQlrpXpUwcWuGmjh2AYHH2rFzZrAgH6cuIJrsRvtFLkEcCYLpfFnET9h3KcDvPX991Pg3XEe1MLr25rWe6rr2TG4nywiF4U6YPpmMrfo+p7UdgdWFxciyq8dUI+ESaTHmoJPpVzW34+/GCGwbpi5Xt2vwKdGD6+cHDMkcjciVuh+9v/N8eiU5ll93wfhSC+Ehe0LyZWpqgsE4hX8NisQoTBKwDBSQ6U86PPmzaRkOLWz7h3G+StOJsMVVzkz3kmGhbRmNriC/JgvlpIRYj9Uk/w== ssh-client-signer@openbao.c3sl.ufpr.br ===================================== hosts/c3hpc.c3sl.ufpr.br/sshd_config ===================================== @@ -42,8 +42,6 @@ Port 80 # Expect .ssh/authorized_keys2 to be disregarded by default in future. AuthorizedKeysFile .ssh/authorized_keys .ssh/root_keys -TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem - #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none ===================================== hosts/lasi.c3sl.ufpr.br/sshd_config ===================================== @@ -37,9 +37,6 @@ StrictModes yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/root_keys .ssh/authorized_keys -# -TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem - # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts ===================================== hosts/mecreddev.c3sl.ufpr.br/users.yml deleted ===================================== @@ -1,57 +0,0 @@ -users: -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtcZDkZPQmZlLhzmxNZu7LjVdr7sfbk9iSa1+v+vqpl - esrsc23@inf.ufpr.br - user: esrsc23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKohicQbPR596ZOVjkfM/ZrSYJUO1fJiOFAv0T/2rVKI - gcboneti@inf.ufpr.br - user: gcboneti -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeQHrdwtESdH3zcu3aTz9McJHIloDQLqZr7tHcmSp5B - gfd23@inf.ufpr.br - user: gfd23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa5inpRS2FBgnrdpao7MiOFvW8wXsz7daqojiC+nucN - gus@pc - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLytX6Oewa3qQhphS59q0cUXtsrRt5pj4n9l/ZAJMz7 - gsf20@inf.ufpr.br - user: gsf20 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYBT+g7tQeEsw/ljP3UCzIKAJIwAoik6vFwCitc0ao5 - jsk22@inf.ufpr.br - user: jsk22 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJrsEh9ntm2M7TyaVlsxPwO6fP4Awr9fi+rijU137dt - mcs22@inf.ufpr.br - user: mcs22 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgn168HznVyMmUvevGswPcL27mnQUG9eLOFbXNg174T - heise@raven - user: rfhferreira -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMq0SJFTFR9LsRW0P5pgjp4BmA8Gkr+TtXYjlLF4OPxr - rpf23@inf.ufpr.br - user: rpf23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlj+lbM1iPKk4DivhTVr9qemiqE6WIIKSUqBF6aPHuM - tbt20@inf.ufbr.br - user: tbt20 ===================================== hosts/mecreddev.c3sl.ufpr.br/users.yml.old deleted ===================================== @@ -1,63 +0,0 @@ -users: -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtcZDkZPQmZlLhzmxNZu7LjVdr7sfbk9iSa1+v+vqpl - esrsc23@inf.ufpr.br - user: esrsc23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKohicQbPR596ZOVjkfM/ZrSYJUO1fJiOFAv0T/2rVKI - gcboneti@inf.ufpr.br - user: gcboneti -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeQHrdwtESdH3zcu3aTz9McJHIloDQLqZr7tHcmSp5B - gfd23@inf.ufpr.br - user: gfd23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa5inpRS2FBgnrdpao7MiOFvW8wXsz7daqojiC+nucN - gus@pc - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLytX6Oewa3qQhphS59q0cUXtsrRt5pj4n9l/ZAJMz7 - gsf20@inf.ufpr.br - user: gsf20 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYBT+g7tQeEsw/ljP3UCzIKAJIwAoik6vFwCitc0ao5 - jsk22@inf.ufpr.br - user: jsk22 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJrsEh9ntm2M7TyaVlsxPwO6fP4Awr9fi+rijU137dt - mcs22@inf.ufpr.br - user: mcs22 -- groups: - - root - keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDb0Hg2c1822oOmFUTBeXGxeduGcW9FD54Ob2LXJxoyj6GJBNmvynZP5bgGqwG3CMGjYNWmpRAcgRxsaCCqd0mS4BVLnWsGfys39Tdn48E13j6VZkYgJBQ8EEL8ILyfBgztGHO+EX43Kq6/eQOokfGD/sK2wOFb+sw0OtYVcoHPkYtxOL1CWCd0zyY3Y2f9XEaBhSLCo3Hx9QVzDXw5O2BnBDGM02JF+BiEaPYFK36uT830ZKoY87t5fRGdppjGC9BFAlVL9qiZ4NrX3i64XBP+acopUNmoqJ3A5n33nxql6fROljo0Lxy1sC7Acrjd9hk2szIoAN33/3dGxrENlu0G2krFbunSu0RDwua/Ge2y9a3aR9FKIBXD1KhcXqEel76f97dF5oXEEcp3vHFlEefB1znKSiCW7YZ4rjZUYdoniGZC/d4T2Z5TFrdjqCSNWO/BjKSEBaPMuvUOrITbyw/ZcJ+lhgHWnr2v3FNOTMVDyc4xomF5Qly8ZCgyAyYR06c= - nar20@inf.ufpr.br - user: nar20 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgn168HznVyMmUvevGswPcL27mnQUG9eLOFbXNg174T - heise@raven - user: rfhferreira -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMq0SJFTFR9LsRW0P5pgjp4BmA8Gkr+TtXYjlLF4OPxr - rpf23@inf.ufpr.br - user: rpf23 -- groups: - - root - keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlj+lbM1iPKk4DivhTVr9qemiqE6WIIKSUqBF6aPHuM - tbt20@inf.ufbr.br - user: tbt20 View it on GitLab: https://gitlab.c3sl.ufpr.br/root/services/hosts-conf/-/compare/5a361f8ee4f60... -- View it on GitLab: https://gitlab.c3sl.ufpr.br/root/services/hosts-conf/-/compare/5a361f8ee4f60... You're receiving this email because of your account on gitlab.c3sl.ufpr.br.