[kepler-dev] CVS system changes

Matt Jones jones at nceas.ucsb.edu
Mon Apr 3 17:56:07 PDT 2006 

Hi,

You've probably noticed that the CVS server on cvs.ecoinformatics.org 
has been down for several days due to a security incident.  If not, then 
this message might not be of interest to you.  If so, read on...

The CVS server was used by Kepler, SEEK, EML, Metacat, Morpho, VegBank, 
WOW and other open source development projects.  It is now back online.

We have replaced the old CVS server with a new one at the same address. 
  Because the old server was compromised and many account passwords were 
captured, we have had to reset everyone's password and be more 
restrictive about our access.  As a result, none of the previous account 
passwords will work on the new machine (and all public keys were removed 
so automatic login will not work either).  To regain your cvs account 
password, do the following:

1) Go to https://ldap.ecoinformatics.org
    1a) Reset your password using the web form and your account username
    1b) Find the email sent to you with the new password and return to
           https://ldap.ecoinformatics.org
    1c) Change your password to a NEW password you like -- do not use
           your previous password as it was likely compromised by our
           intruder.

2) From one of your cvs checkouts, try 'cvs update' to see if it works 
for you with the new password.  If it doesn't work for you, send a note 
to 'pmc at ecoinformatics.org' describing the problem and we will help work 
it out.

That's it.

Thanks for your understanding during this difficult recovery.  We have a 
lot of web sites to recover and systems to bring back online -- if you 
see anything out of order please report it to 'pmc at ecoinformatics.org' 
and we'll get it resolved.

Matt

P.S. The new account is a restricted shell, so you can't ssh to it -- 
the only commands you are allowed to run are cvs and scp and sftp.

P.P.S We haven't tested whether public key access to these new accounts 
works well or not, but have one report that it works.  If you want to 
set up public key access, generate a new key for yourself using your 
client ssh tools, create an authorized_hosts file with the public key in 
it, and then sftp to cvs.ecoinformatics.org and put your authorized_keys 
file into the .ssh directory on cvs.ecoinformatics.org (you might need 
to create the directory first before the 'put' command).

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Matt Jones                                   Ph: 907-789-0496
jones at nceas.ucsb.edu                    SIP #: 1-747-626-7082
National Center for Ecological Analysis and Synthesis (NCEAS)
UC Santa Barbara     http://www.nceas.ucsb.edu/ecoinformatics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Kepler-dev mailing list