[lug] root password
Evelyn Mitchell
efm at tummy.com
Wed Aug 2 12:55:18 MDT 2006
I've been following this discussion about passwords with some interest.
Passwords are legacy technology :)
I blogged about the alternatives to passwords:
tummy.com uses SSH keys, not passwords, for remote and administrative
access. One of the most sensitive times for security is during a change
in personnel. Passwords are impossible to revoke out of someone's head,
while an SSH key is easily removed. Additionally, SSH key authentication
with ssh-agent is not vulnerable to trojaned intermediate systems
sniffing passwords.
We recommend our clients also use SSH for all remote access. Further, we
recommend that "telnet" and "rlogin" and other similar unencrypted
access mechanisms be completely disabled. SSH is easy to set up and
maintain on Linux, and provides a small performance increase on the
transmission speed. Wherever practical, we also recommend POP and IMAP in
particular be SSL encrypted, and (to a slightly lesser extent) SMTP.
This post http://www.tummy.com/journals/entries/efm_20041212_160934
contains a description of a variety of security policies and practices to consider.
Hope this helps.
Evelyn Mitchell
* On 2006-08-02 12:17 Rob Nagler <nagler at bivio.biz> wrote:
> Bear Giles writes:
> > root access, the "somebody reset the root password on a shared
> > machine..." approach doesn't work well in practice.
>
> This is our standard mode of operating. We don't use sudo. We've
> never had an external or internal security problem.
>
> sudo removes one level of password security, and introduces many more
> passwords that have root access. It's less secure, but more
> convenient.
>
> If you have high turnover of people who have root access, slow down
> the process of giving out the root password. We have a formal
> ceremony giving people the root password(s). This happens when we're
> very sure the person is going to stay, and s/he has the necessary
> skills and attitude to handle root access.
>
> Anybody who leaves our company is still under non-disclosure, and more
> importantly, they have been vetted (after our three month period) to
> not be someone who will go postal. This gives us breathing room on
> changing the root password at our convenience. Yes, there may be the
> rare situation where you need to change the root password immediately,
> but then you will also need to change a lot of other passwords, too,
> including verifying there are no hidden ssh authorized_key entries or
> other trojan horses lying around.
>
> Rob
This email is: [ ] actionable [x] fyi [ ] social
Response needed: [ ] yes [x] up to you [ ] no
Time-sensitive: [ ] immediate [x] soon [ ] none
--
Regards, tummy.com, ltd
Evelyn Mitchell Linux Consulting since 1995
efm at tummy.com Senior System and Network Administrators
http://www.tummy.com/
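Added example, not code from the original post, from tummy.com or from Rob's reply. It shows the two routine checks the thread implies: revoking one departing person's SSH key from an authorized_keys file by key material rather than by comment (the comment is whatever the key's owner chose to write, so Rob's "hidden authorized_key entries" can carry any label), and auditing sshd_config so that password logins are really off. The key blobs, file names and config contents are constructed sample data, and the audit ignores Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post or from tummy.com.
# All key blobs, file names and config contents here are constructed.
set -u

# Remove every line whose key blob (the base64 field) equals $2, whatever
# options prefix or comment the line carries. Prints the number of lines removed.
revoke_key() {
    file=$1; blob=$2
    before=$(wc -l < "$file")
    awk -v blob="$blob" '{ for (i = 1; i <= NF; i++) if ($i == blob) next; print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    after=$(wc -l < "$file")
    echo $((before - after))
}

# sshd keeps the FIRST value it reads for a keyword, so a hardened "no"
# appended after an earlier "yes" is ignored. Prints that first value, or
# nothing if the keyword is absent. Match blocks are not handled.
sshd_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Returns 0 if only key-based logins are possible; otherwise prints each
# finding and returns the number of findings. Missing keywords are judged by
# the OpenSSH defaults (password and challenge-response auth default to yes,
# PermitRootLogin to prohibit-password).
audit_sshd_config() {
    file=$1; bad=0
    for key in PasswordAuthentication ChallengeResponseAuthentication; do
        got=$(sshd_setting "$file" "$key")
        if [ "${got:-yes}" != no ]; then
            echo "FAIL $key=${got:-yes (default)}"
            bad=$((bad + 1))
        fi
    done
    root=$(sshd_setting "$file" PermitRootLogin)
    case "${root:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL PermitRootLogin=$root"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed key material (not real keys).
ALICE_KEY=AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEALICE00000000000000000000000000000
BOB_KEY=AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEBOB0000000000000000000000000000000

# Write constructed sample files into $1: an authorized_keys with Bob's key
# present twice (once behind an options prefix, once under a misleading
# comment) and a weak and a hardened sshd_config.
write_samples() {
    cat > "$1/authorized_keys" <<EOF
ssh-ed25519 $ALICE_KEY alice@laptop
from="10.0.0.5",no-pty ssh-ed25519 $BOB_KEY bob@desk
ssh-ed25519 $BOB_KEY backup-job
EOF
    cat > "$1/sshd_config.weak" <<EOF
# password logins left on; the later "no" is ignored by sshd
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF
    cat > "$1/sshd_config.good" <<EOF
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
PubkeyAuthentication yes
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "removed $(revoke_key "$dir/authorized_keys" "$BOB_KEY") line(s) for Bob"
cat "$dir/authorized_keys"
audit_sshd_config "$dir/sshd_config.weak" || echo "weak config: $? finding(s)"
audit_sshd_config "$dir/sshd_config.good" && echo "good config: key-only logins"
rm -rf "$dir"
```

On a real host the same revoke_key call would be run against every ~user/.ssh/authorized_keys and any AuthorizedKeysFile path named in sshd_config, and the audit would be followed by a reload of sshd; the blob to revoke is taken from the person's recorded public key, never from the comment field.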