Re: ssh keys

To: debian-user@lists.debian.org
Subject: Re: ssh keys
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Mon, 6 Feb 2006 02:42:51 -0800
Message-id: <[🔎] 20060206104251.GK30587@localhost>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <200601241544.38827.baloo@ursine.ca>
References: <200601231518.28170.pablo.fernandez@reliable.com.ar> <200601231626.50708.pablo.fernandez@reliable.com.ar> <20060124163610.GC1651@alfa.qvirt.zxc> <200601241544.38827.baloo@ursine.ca>

on Tue, Jan 24, 2006 at 03:44:34PM -0800, Paul Johnson (baloo@ursine.ca) wrote:
> On Tuesday 24 January 2006 08:36, Juraj Fedel wrote:
> > On Mon, Jan 23, 2006 at 04:26:47PM -0300, Jos? Pablo Ezequiel Fern?ndez 
> wrote:
> > > On Mon 23 Jan 2006 15:53, Andreas Janssen wrote:
> > > > Are root logins allowed on the server? What does the server's auth.log
> > > > say?
> > >
> > > That was it, thank you!
> > How do you enable root login if they are disallowed?
> 
> Don't.  Log in as a normal user and use su or sudo.

Most preferably sudo.

The reason being:  while it's still possible that a user account may be
compromised:

 1. If you're using sudo, not 'su', then you may be able to keep the
    root password from being a widely known secret.  Which is to say,
    not a secret.  Very poor (if however, common) practice.

 2. You can now identify *which* user account is compromised.  If you
    can do this *before* root is compromised, you may be able to both
    prevent a root compromise *and* block that user from accessing until
    they've resecured their own authentication tokens.

 3. Even should root be compromised, following a restore/rebuild of your
    system from known trusted media, you can then limit access by the
    account(s) known to be untrusted.  Pariticularly if you limit remote
    SSH access to other than persistent password tokens (e.g.:  public
    key authentication, one-time passawords, password generators, etc.).


While it's true that evil evildoers of evil can do things like wipe logs
(you *do* have a remote, separately authenticated logging host, right?),
you've got a much better likelihood of being able to determine the route
by which an attacker gained access to your system and take appropriate
countermeasures.

Suddenly finding out that "root isn't trusted" and having nothing to go
on is a markedly worse situation.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    MX Radio - With Bob Edwards, who needs NPR?       http://www.xmradio.com/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Re: High availability interner connection
Next by Date: Re: vi trying to connect to X
Previous by thread: Re: udev strangeness in Sid?
Next by thread: Re: Azureus and the TCP port 6881
Index(es):
- Date
- Thread