SSH & root logins

Tony_Schloss_at_ao.uscourts.gov
Date: 02/25/04

    To: sunmanagers@sunmanagers.org
    Date: Wed, 25 Feb 2004 07:55:24 -0500
    
    

    Howdee to all,
    I'd very much like to get a rough & informal consensus, as it were, of how
    people are logging into boxes across their own (internal, more or less
    protected) network, as root, and especially if using SSH. We've got some
    disagreement amongst some of the folks at my site, and while I know what
    I'm used to doing (based on a couple of decades in intelligence agencies),
    I'm in a relatively new & different environment than I've been in the
    past, and don't want to force an outdated or overly anal retentive
    security posture on folks when it's neither necessary nor common practice.
    Anyway, to that end, I feel I may be a bit out of touch with some of the
    realities out there in the non-intel world, and am just trying to get a
    feel for what others are doing.

    If you are using SSH, do you rely on public/private key pairs solely,
    disallowing passwords completely for all users (including root)? Are you
    using public/private key pairs for regular users but forcing the use of
    passwords for root? Are you using passwords for all users, disallowing
    public/private key pairs at all? Some combination of the above? Or
    something completely different? And a quick follow-up, if you're using
    public/private key pairs: do you allow, encourage, or discourage the use
    of the ssh-agent to make users' lives a bit easier when logging into a
    multitude of machines during the day? Note that I'm assuming that telnet
    is disallowed (turned off in fact), and that any remote login is at least
    protected by using SSH (i.e., passwords, if used, are not going out over
    the wire in the clear).

    Thanks very much in advance to anyone who has the opportunity to reply;
    I'll be more than glad to summarize the responses.

    Enjoy the day, and be safe!
    Tony Schloss