Re: SSH Automatic Log-on Failure - Centos 5.5




On Thu, Jan 27, 2011 at 6:40 AM, Stephen Harris <lists@xxxxxxxxxx> wrote:
> On Thu, Jan 27, 2011 at 02:39:29AM -0500, Nico Kadel-Garcia wrote:
>> Wrong again. Never use public key access for root accounts, it simply
>> compounds the security risks. Passphrase protected SSH keys can be
>
> That is 100% backwards.  *NEVER* use password authentication for root
> (passwords are easier to brute force 'cos people choose bad passwords).
> Use ssh public key access for root, with appropriate restrictions
> (eg "from=").

Nope. Ideally, use *neither* for root. Allow root access only from the
local console or a local shell with "su", or "sudo" if you want to
share access. That provides much superior tracking of the root access
and whose account was used for the inappropriate access.

Remote root access in SSH should be avoided altogether, but if
necessary, the SSH keys can be a big issue because of people who give
exactly the advice we just saw. "Generate an unprotected key and
publish it to the root account!" is, unfortunately, far too common,
and we just saw someone suggest *exactly* that.

Root does not, generally, need password-free access. If it does, SSH
keys can provide some restrictions on it, as can sudo for other
accounts to allow them only specific root activities. But root access
without making you actually put in a password and think about what
you're doing is *begging* for pain.

In fact, the likely pain is only partially from stolen keys. It's also
from people doing things as root without thinking about them, and
making mistakes.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
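The thread argues about three sshd settings without showing how to check them: whether PermitRootLogin is off, whether password (or keyboard-interactive) logins are still possible, and whether the keys in root's authorized_keys carry the "from=" restriction Stephen mentions. The script below is an added example, not code from either poster or from the CentOS project. It parses sshd_config the way sshd does for simple files (first occurrence of a keyword wins, keywords are case-insensitive, comments are ignored, and a missing keyword falls back to the OpenSSH 4.x default of "yes"); it assumes the "Keyword value" form only, no Match blocks, and no "Keyword=value" spelling. The sample configs and the authorized_keys entries are constructed for the example, and the key material is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example: audit remote-root exposure in sshd_config and root's authorized_keys.
# Samples are constructed for this example, not taken from a real host.

# sshd_effective FILE KEYWORD DEFAULT
# Print the effective value of KEYWORD: sshd honours the first occurrence,
# matches keywords case-insensitively and ignores comments. Assumption: no
# Match blocks and no "Keyword=value" spelling in FILE.
sshd_effective() {
    val=$(awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == kw { print tolower($2); exit }' "$1")
    printf '%s\n' "${val:-$3}"
}

# root_login_class FILE
# Prints "none" (no remote root at all, what the post above argues for),
# "key-only" (root may log in, but only with a key), or "password" (root can
# still be brute-forced). OpenSSH 4.x, as shipped with CentOS 5, defaults all
# three keywords to "yes". With PermitRootLogin yes, a password prompt is still
# reachable through keyboard-interactive/PAM unless
# ChallengeResponseAuthentication is also off.
root_login_class() {
    prl=$(sshd_effective "$1" PermitRootLogin yes)
    pwa=$(sshd_effective "$1" PasswordAuthentication yes)
    cra=$(sshd_effective "$1" ChallengeResponseAuthentication yes)
    case "$prl" in
        no) echo none ;;
        without-password|prohibit-password|forced-commands-only) echo key-only ;;
        yes) if [ "$pwa" = no ] && [ "$cra" = no ]; then echo key-only; else echo password; fi ;;
        *) echo unknown ;;
    esac
}

# unrestricted_keys FILE
# Count authorized_keys entries whose option list has no from="..." clause.
# Options precede the key type; a line whose first token is already a key type
# has no options at all. Assumption: no forced command contains a token that
# itself starts with "ssh-" or "ecdsa-".
unrestricted_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        {
            opts = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(sk-)?(ssh-|ecdsa-)/) break
                opts = opts " " $i
            }
            if (opts !~ /(^|[ ,])from="/) n++
        }
        END { print n + 0 }' "$1"
}

# --- constructed samples -------------------------------------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Stock CentOS 5 style: PermitRootLogin left commented out, so the default (yes) applies.
cat > "$SAMPLE_DIR/sshd_config.default" <<'EOF'
Protocol 2
#PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
EOF

# Stephen's position: root only by key, passwords off.
cat > "$SAMPLE_DIR/sshd_config.keyonly" <<'EOF'
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
EOF

# Nico's position: no remote root; use a normal account plus su/sudo.
cat > "$SAMPLE_DIR/sshd_config.hardened" <<'EOF'
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF

# Three placeholder keys: unrestricted, properly restricted, restricted without from=.
cat > "$SAMPLE_DIR/authorized_keys" <<'EOF'
# placeholder key material, not a real key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0placeholder== backup@host
from="192.0.2.10",command="/usr/local/sbin/rsync-backup --server",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0placeholder== backup@host
command="/usr/bin/uptime" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0placeholder== monitor@host
EOF

for f in default keyonly hardened; do
    printf 'sshd_config.%s: remote root = %s\n' "$f" "$(root_login_class "$SAMPLE_DIR/sshd_config.$f")"
done
printf 'authorized_keys: %s key(s) without a from= restriction\n' "$(unrestricted_keys "$SAMPLE_DIR/authorized_keys")"
```

On a live host, point root_login_class at /etc/ssh/sshd_config and unrestricted_keys at /root/.ssh/authorized_keys; a "password" verdict on the first, or any non-zero count from the second, is the configuration the post above is warning against. The ChallengeResponseAuthentication check is the part people most often miss: setting PasswordAuthentication no alone does not stop PAM from prompting for root's password.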


