On 2/18/2016 5:05 PM, Roman wrote:
> Seriously, you have to trust someone to achieve goals. So accessing
> server via ssh keys is pretty normal and secure + ldaps auth of course
> (centralized account management), so if someone leaves, just disable
> his account. sudo supports ldap auth, kind of on group level, so if
> user even got into a server for some reason, he can't become root,
> because his account was deleted and not in sudo enabled group anymore.
>
> After you configure the ldap and sudo for this scenario, just disable
> password auth and root login in ssh conf. Also setup firewall to
> enable ssh from known IP addresses only (here comes VPN into the game,
> if needed) and move SSH port to something else, but 22. You will be as
> safe as ldap and ssh and ssl are (exploits, exploits.. they're
> everywhere, you can't be 100% secure unless you disconnect the network
> cable from your server, remove the keyboard and USB ports)
>
> So basically security is all about trusting. You HAVE to choose whom
> (and what) you trust.
> --
> Best regards,
> Roman.

I can show a couple of examples of how just simply having the
centralized account management can fail... In both cases the password
was locked, but I had an SSH identity key already set up on the account.
I was still able to log into the server even with my account locked in
the LDAP centralized account management because the SSH keys were still
authorized. As well, I had password-less sudo "NOPASSWD:" entries, so I
still had full admin rights while being locked out.

All that to say, don't just assume things are secure; you have to verify
and maintain it.
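The gap described in the reply above can be checked per host. This is an added example, not part of the original thread: a Python audit that takes a list of accounts disabled in the directory and reports which of them still have entries in `authorized_keys` or match a `NOPASSWD:` sudoers rule. The function names, the sample users and the way the disabled list is obtained (assumed to be an export from the directory) are all constructed for illustration.

```python
import tempfile
from pathlib import Path

def active_keys(home):
    """Count non-blank, non-comment lines in <home>/.ssh/authorized_keys."""
    path = Path(home) / ".ssh" / "authorized_keys"
    if not path.is_file():
        return 0
    return sum(1 for l in path.read_text().splitlines() if l.strip() and not l.lstrip().startswith("#"))

def nopasswd_principals(sudoers_text):
    """Users and %groups on rule lines tagged NOPASSWD: (aliases, includes and #uid not resolved)."""
    found = set()
    for line in sudoers_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", "Defaults")) or fields[0].endswith("_Alias"):
            continue
        if "NOPASSWD:" in line:
            found.add(fields[0])
    return found

def audit(disabled, homes, groups, sudoers_text):
    """Report what each directory-disabled account can still do on this host."""
    nopasswd = nopasswd_principals(sudoers_text)
    findings = []
    for user in sorted(disabled):
        keys = active_keys(homes[user]) if user in homes else 0
        via = {user} | {"%" + g for g in groups.get(user, ())}
        sudo = sorted(via & nopasswd)
        if keys or sudo:
            findings.append((user, keys, sudo))
    return findings

def demo():
    """Constructed sample: alice and bob are disabled; alice left a key and an admin group behind."""
    root = Path(tempfile.mkdtemp())
    (root / "alice" / ".ssh").mkdir(parents=True)
    (root / "alice" / ".ssh" / "authorized_keys").write_text("# laptop\nssh-ed25519 AAAAC3constructed alice@laptop\n")
    (root / "bob").mkdir()
    sudoers = "Defaults env_reset\n%admins ALL=(ALL) NOPASSWD: ALL\nbob ALL=(ALL) ALL\n"
    homes = {"alice": root / "alice", "bob": root / "bob"}
    groups = {"alice": ["admins"], "bob": ["staff"]}
    return audit({"alice", "bob"}, homes, groups, sudoers)

if __name__ == "__main__":
    for user, keys, sudo in demo():
        print(f"{user}: {keys} authorized key(s), NOPASSWD via {sudo or 'none'}")
```

On a real host the group memberships and sudoers text would be read from the system rather than passed in as literals, and any finding means the account's keys and sudo rules need removing in addition to the directory lock.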