[committee] [wheel] Removal (suspension) of Frekk from wheel

Felix von Perger frekkvb at gmail.com
Sun Oct 20 13:09:03 AWST 2019


Hi all,

As per my previous email, apologies for any confusion and apparent 
fishiness caused in relation to my wheel group status and UCC user 
account (or lack thereof).

My new username is now x (as opposed to frekk), which I took the time to 
update in most records including the SSH key list and the wheel list 
subscriptions shortly after creating the account. I've set up a couple 
of email aliases from x -> frekk -> frekkvb at gmail.com which means I 
should still receive any UCC email which comes my way. Should 
single-character usernames prove to be problematic, I would suggest 
imposing minimum-username-length restrictions.

I've taken the liberty to uncomment my SSH key from 
/home/wheel/bin/uccroot/authroot, add myself back to the hostmasters 
list, and replace my key in uccpass. If someone with existing SSH and 
uccpass key access could please re-push the root keys and reload the 
uccpass store, that would be greatly appreciated.

Thank you for your assistance.

Regards,

Felix von Perger [FVP]

On 12/10/19 6:05 pm, Andrew Adamson wrote:
>> This is quite fishy behaviour, and as such I suggest that we update all
> machine passwords soon in case Felix decides to use passwords to access
> machines now that his key has been
>> disabled.
> This happened literally minutes after [TPG] sent his email.
> He re-subscribed himself to the wheel@ list and uncommented and
> pushed his root key out. Between [TPG] and myself, we:
>
> 1. Firewalled off Felix's home IP addresses
> 2. Removed his root key and re-pushed to all the machines
> 3. Changed the root passwords of core servers and updated uccpass
> 	3.1 Servers with new passwords are: motsugo, mussel, mooneye,
> samson, murasoi, mollitz, merlo, molmol, maltair, medico, loveday
> 4. Removed felix from the hostmasters mailing list - this was necessary to
> change the list passwords without him knowing them
> 5. Changed the mailman list passwords (see uccpass for the new one) and
> re-removed felix from the wheel@ list
> 6. Unfirewalled Felix's home IP addresses
>
> Andrew Adamson
> bob at ucc.asn.au
>
> |"If you can't beat them, join them, and then beat them."                |
> | ---Peter's Laws                                                        |
>
> On Sat, 12 Oct 2019, John Hodge wrote:
>
>> Everyone,
>>
>> I've suspended felix's wheel access by doing the following:
>>
>>   *  Removed him from the mailing list (see the notification just now)
>>   *  Commented out his ssh key (which was labelled "xXx", see below) and re-pushed
>>   *  And removed his key from uccpass (and re-generated)
>>
>> Regarding the ssh key - I've checked the backups and it shows that the key now labelled "xXx" was labelled "frekk... has deleted his account" before the 2019-10-11T02:02 snapshot. This
>> implies that somebody recently changed the name, potentially to prevent whoever went to comment it out or remove it from doing so.
>>
>> This is quite fishy behaviour, and as such I suggest that we update all machine passwords soon in case Felix decides to use passwords to access machines now that his key has been
>> disabled.
>>
>>
>> -- 
>> John Hodge [TPG]
>> UCC Wheel Member
>>
>>


More information about the committee mailing list