server security :: user accounts, ssh, passphrases, etc.
SYSTEM:
(1) firewall/router (SmoothWall Express 2.0) which (using NAT)
provides and protects both a "green" zone for a LAN and an
"orange" zone ("DMZ") for a publicly-accessible server
(2) ftp or http server in the DMZ
(3) desktop machine in the LAN from which the sysop maintains the
server
SITUATION:
It is convenient to use "scp" for transferring files between the
desktop machine in the LAN and the server, and to use "ssh" for
remote maintenance of the server, again from the desktop machine
in the LAN. And to eliminate the constant typing of the password,
ssh-agent can be installed.
Such remote maintenance of the server from a machine in the LAN
becomes tedious unless there is on each machine an account with
the same username, password, and passphrase.
QUESTION:
Is there a major or unreasonable security risk if the sysop
creates on the server an account with the same username, password,
and passphrase as his account on the desktop machine? That is, if
the server is compromised, should the sysop change his password,
passphrase, etc.?
If so, what is the recommended alternative? Is there a HOWTO on
this subject?
RLH
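Whatever one decides about reusing the passphrase, the usual alternative to sharing a password between the LAN desktop and the DMZ server is to give the server account a public key from a dedicated key pair (with its own passphrase, held by ssh-agent on the desktop) and to let sshd accept keys only, so a compromise of the server yields nothing reusable against the desktop. The following is an added example, not code from the original post: a small Python checker that reads an sshd_config and reports the global settings that a DMZ server reached only from the LAN should have. The keyword names are real OpenSSH sshd_config keywords; the two sample configurations and the "recommended" values are constructed here for illustration, and only the global section (before any `Match` block) is examined.

```python
"""Audit the global section of an OpenSSH sshd_config for a DMZ server
that is administered from a LAN desktop with ssh/scp (added example)."""

import re

# Constructed sample: permissive settings, as a default install might ship.
SAMPLE_WEAK = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed sample: key-only access for the maintenance account.
SAMPLE_HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AllowUsers sysop          # assumed maintenance account name
Match User sysop
    PasswordAuthentication no
"""

# Recommended global values (assumption of this example, lower-cased keys).
RECOMMENDED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Return {keyword.lower(): value} for the global section.

    sshd uses the FIRST occurrence of each keyword, so a later duplicate
    does not override an earlier one; keyword and value may be separated
    by whitespace or '='.  Parsing stops at the first 'Match' block.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                              # conditional block: not global
        settings.setdefault(key, value)        # first value wins
    return settings


def audit(settings):
    """Return a list of findings; an empty list means all checks pass."""
    findings = []
    for key, want in RECOMMENDED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly; set it to '{want}'")
        elif got.lower() != want:
            findings.append(f"{key}: is '{got}', recommended '{want}'")
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(f"[{name}]")
        for finding in audit(parse_sshd_config(sample)) or ["OK"]:
            print("  " + finding)
```

To run it against a real server, replace the constructed samples with the contents of /etc/ssh/sshd_config; the checker deliberately reports keywords that are merely absent, because the effective default then depends on the installed OpenSSH version rather than on a choice the sysop made.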