On 2/18/2016 5:05 PM, Roman wrote:
> Seriously, you have to trust someone to achieve goals. So accessing
> server via ssh keys is pretty normal and secure + ldaps auth of course
> (centralized account management), so if someone leaves, just disable
> his account. sudo supports ldap auth, kind of on group level, so if
> user even got into a server for some reason, he can't become root,
> because his account was deleted and not in sudo enebled group anymore.
>
> After you configure the ldap and sudo for this scenario, just disable
> password auth and root login in ssh conf. Also setup firewall to
> enable ssh from known IP addresses only (here comes VPN into the game,
> if needed) and move SSH port to something else, but 22. You will be as
> safe as ldap and ssh and ssl are (exploits, exploits.. they're
> everywhere, you can't be 100% secure unless you disconnect the network
> cable from your server, remove the keyboard and USB ports)
>
> So basically security is all about trusting. You HAVE to choose whom
> (and what) you trust.
> --
> Best regards,
> Roman.
I can show a couple examples of just simply having the centralized
account management can fail... in both cases the password was locked but
I had an SSH identity key already setup on the account. I was till able
to log into the server even with my account locked in the LDAP
centralized account management because the SSH keys were still
authorized. As well I had password-less sudo "NOPASSWD:" entries so I
still had full admin rights while being locked out.
All that to say, don't just assume things are secure you have to
verify and maintain it.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature