Re: Doing administrative work
- From: Dave Ewart <davee@xxxxxxxxxxxxx>
- Date: Mon, 22 Jan 2007 15:18:52 +0000
On Monday, 22.01.2007 at 09:11 -0500, Roberto C. Sanchez wrote:
On Mon, Jan 22, 2007 at 10:07:19AM +0000, Dave Ewart wrote:
as root. The system is never used in a non-root context.
Therefore, to manage this system I set up no further users other
than root, and install my SSH key in root's account, then
reconfigure SSHd to allow root logins via key only (so that even
someone knowing the root password is unable to login via SSH, unless
it's me with my SSH key); I have
I certainly hope that you have a strong passphrase on the private key
and that you have good physical protection of the host which contains
the private key.
That's an absolute necessity, yes. I would never consider such an
approach if the 'client' machine was in an insecure location, or
'remote' (which is the same thing, in my eyes).
The above example flies in the face of the usual advice, but that's
because the circumstances are different and possibly rather extreme.
I don't really need accountability, because I'm the only one with
access. "Adding a non-privileged user and using sudo" would
actually provide less security, because it is adding an additional
potentially-compromisable account to the server.
I don't agree. If you take the same precautions and only allow public
key logins for the unprivileged users, then you have exactly the same
level of vulnerability. If you then *completely* disallow remote root
login, then you have lowered your vulnerability even more since the
potential remote attacker would need to first compromise the private
key and passphrase for the unprivileged account and then *still* need
to figure out the root password or some other means of gaining root
access locally.
Yes, your point is correct, although see below about 'convenience'.
I'm sure I'm opening myself to some criticism by mentioning the
above; please *read* what I've written before replying with "You
shouldn't ever use root directly", because I don't believe that's an
appropriate criticism in this case. ;-)
I did *read* it, BTW. I just think that your rationale that you are
just as safe as using only an unprivileged user account is wrong.
Now, if you only accessed the machine locally, then you might have a
point. However, for anything that allows remote access across an
untrusted and/or public network, your approach is slightly more
vulnerable than it needs to be.
Thanks for reading and understanding my point.
To be honest, I tend to use this approach on private LANs or in
conjunction with additional security measures (such as VPN). I think
your point is valid: however, given the environment in which I would use
such a setup, the 'convenience' factor makes it worthwhile.
As always, so long as one properly considers the implications and
carefully assesses the risks versus conveniences of any particular
setup, you should do fine.
Good point. Many people seem to forget that the driver for taking a
risk should be "the potential bad things that can happen if anything
goes wrong" versus "the benefit I gain from taking the risk."
Absolutely. It would be nice if this approach was more widespread ;-)
Cheers,
Dave.
--
Please don't CC me on list messages!
...
Dave Ewart - davee@xxxxxxxxxxxxx - jabber: davee@xxxxxxxxxx
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
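
An added example, not part of the original message: a small Python check that reads an sshd_config and reports which of the two setups debated above it implements (root login by key only, or no remote root login with key-only user accounts). The sample configs are constructed, the posture names are made up for this example, and treating an unset option as the permissive case is an assumption, since defaults differ between OpenSSH versions.

```python
import re

def effective_settings(config_text):
    """Global sshd settings; sshd keeps the FIRST value seen for a keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # global section ends at first Match
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # later duplicates are ignored
    return settings

def classify(config_text):
    """Return (posture, findings) for the root-login question in the thread."""
    s = effective_settings(config_text)
    root = s.get("permitrootlogin", "unset")
    if root == "no":
        posture = "no-remote-root"
    elif root in ("without-password", "prohibit-password"):
        posture = "root-key-only"
    elif root == "forced-commands-only":
        posture = "root-forced-commands"
    else:                                   # "yes" or unset: assume worst case
        posture = "root-password-possible"
    findings = []
    if posture == "root-password-possible":
        findings.append("root may log in with a password")
    if s.get("passwordauthentication", "unset") != "no":
        findings.append("password logins are not disabled")
    return posture, findings

# Constructed samples: the two setups from the thread, plus a config where a
# later, stricter line is silently ignored because the first value wins.
ROOT_KEY_ONLY = "PermitRootLogin without-password\nPasswordAuthentication no\n"
NO_REMOTE_ROOT = "# users log in by key, then su/sudo\nPermitRootLogin no\nPasswordAuthentication no\n"
SHADOWED = "PermitRootLogin yes\nPasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name, text in [("root-key-only", ROOT_KEY_ONLY),
                       ("no-remote-root", NO_REMOTE_ROOT),
                       ("shadowed", SHADOWED)]:
        print(name, classify(text))
```

The check does not look at keyboard-interactive authentication or at Match blocks, either of which can change what the running daemon allows.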