Re: server security :: user accounts, ssh, passphrases, etc.
On Wed, Apr 02, 2008 at 08:33:34PM -0500, Russell L. Harris wrote:
> * s. keeling <firstname.lastname@example.org> [080402 19:28]:
> > Russell L. Harris <email@example.com>:
> > >
> > If the server's compromised, you should reinstall.
> My concern is not for corruption of the server. My concern is whether
> -- if I employ on the server the same password and passphrase which I
> employ on the desktop (my principal machine) -- compromise of the
> server necessitates that I change the password and the passphrase on
> the desktop machine.
>
> In other words, if I were to give you free access to my server, so
> that you could inspect all the system files, would you be able to
> deduce the password and passphrase, which are the same as those which
> I use on the desktop machine?

Well, does the desktop need to run sshd at all, and if so, does it need
to listen to "outside" addresses? If not, and you've deactivated
password logins and you've deactivated root logins, you could give
anyone the root password and there's nothing listening that will let
them into the desktop box.
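
The three conditions named in the reply above (no password logins, no root logins, nothing listening on outside addresses) can be checked against an sshd_config file. The script below is an added example, not part of the original message: it reads "not outside" as loopback-only, requires each setting to be explicit rather than trusting defaults, does not follow Include directives, and runs on constructed sample configurations.

```python
import ipaddress
import re

def parse_global(text):
    """Map keyword -> values for directives before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # the rest applies conditionally
            settings["match"] = ["present"]
            break
        if len(parts) == 2 and parts[1] and not key.startswith("#"):
            settings.setdefault(key, []).append(parts[1])
    return settings

def is_loopback(value):
    """Accept host, host:port, [host]:port or a bare IPv6 address."""
    token = value.split()[0]
    if token.startswith("["):
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:
        token = token.split(":")[0]
    try:
        return token.lower() == "localhost" or ipaddress.ip_address(token).is_loopback
    except ValueError:
        return False                        # unresolved hostname: treat as outside

def first(settings, key):
    """sshd uses the first value obtained for a keyword; later ones are ignored."""
    values = settings.get(key)
    return values[0].split()[0].lower() if values else None

def audit(text):
    s = parse_global(text)
    listen = s.get("listenaddress", [])     # none given: sshd listens on all addresses
    return {
        "password_logins_disabled": first(s, "passwordauthentication") == "no",
        "root_logins_disabled": first(s, "permitrootlogin") == "no",
        "loopback_only": bool(listen) and all(is_loopback(v) for v in listen),
        "match_blocks_need_review": "match" in s,
    }

# Constructed sample: hardening lines appended below permissive ones.
APPENDED = "PermitRootLogin yes\nPasswordAuthentication yes\nPermitRootLogin no\nPasswordAuthentication no\n"
# Constructed sample: the three conditions from the reply, each stated once.
HARDENED = "ListenAddress 127.0.0.1\nListenAddress [::1]:22\nPermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    print(audit(APPENDED), audit(HARDENED), sep="\n")
```

The APPENDED sample fails every check because the earlier permissive lines take effect. On a live host, `sshd -T` prints the effective configuration.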