Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
[Please don't cc me; I'm on the list]
On 19/02/16 11:05, Roman wrote:
> 2016-02-18 22:30 GMT+02:00 Richard Hector <richard@walnut.gen.nz>:
>
> I think a better solution in the end is to generate a random password
> for each box, and leave it, on paper, in a safe or similar. It's very
> rare anyone needs to use it.
>
> Here is a hint (joke) on how to secure the root password for servers that are
> physically accessible.
> Just generate a random password during install, long enough that you are not
> able to remember it. Do not write it down, continue installation.
That's just a marginally less secure version of locking it :-)
> At any given time you need the root session, just get the disk drive
> from your server and connect it to another machine, then just replace
> the hash in /etc/shadow with one you know the password for. Place your drive
> back and boot up. After you finish the work, change your root password
> again to some crazy piece of random.
>
... or just boot from usb/cd/floppy/tape/whatever :-)
Richard