Bad Security

Posted Mar 6, 2007 20:04 UTC (Tue) by allesfresser (subscriber, #216)
In reply to: Bad Security by bronson
Parent article: Single Packet Authorization (Linux Journal)

I find it interesting (and slightly disturbing) that setting up a private-key-only sshd is considered difficult. I find it disturbing because in that case I may have done it incorrectly myself! :) From my understanding all that is necessary is to enable only the PubkeyAuthentication method in sshd_config, place the applicable public keys in the user accounts' ~/.ssh/authorized_keys files, and restart sshd. Is there more to it that I'm missing?


(Log in to post comments)

Bad Security

Posted Mar 6, 2007 21:05 UTC (Tue) by gravious (subscriber, #7662) [Link]

Er, that's what I do - if there is a step or two (or more, heaven forbid) we are missing out, please enlighten us, Oh LWN Gurus of Security :)

Bad Security

Posted Mar 6, 2007 22:35 UTC (Tue) by bronson (subscriber, #4806) [Link]

It's the key management that makes it difficult. If you and a friend are administering four boxes, it's trivial. If 25 admins are responsible for 400 boxes, it gets painful quick. At one place where I consulted, one admin got sick of swapping keys in and out and just set up a single shared key (what I meant by "shared root setup"). Most admins know why it's bad to share a root password but apparently at least one didn't see a problem with sharing a root key. (weird, I know!)

Another problem is that when people set this up, some see it as an opportunity to use a single private key with no password. That's both easier than setting up ssh-agent and more secure, right? Well, if you lose the key (say, a stolen laptop), you've given up the entire farm. Now you need to try to find all copies of the compromised key and update it to your new key. On more than 5 machines that becomes really tedious.

Maybe I just run into stupid/lazy admins a lot more than the average person. :)
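As an added example (not code from this thread or from OpenSSH), a POSIX shell script covering both points raised above: it audits an sshd_config for the settings allesfresser lists, plus PasswordAuthentication and keyboard-interactive authentication, which default to on and must be disabled explicitly before the server is actually key-only, and it locates every authorized_keys copy of a given public key, the cleanup bronson describes after a laptop theft. The config files, key blobs and paths are constructed sample data; Match blocks are not parsed, so `sshd -T` remains the authority on a live host.

```shell
#!/bin/sh
# Added example, not code from the LWN thread: (1) audit an sshd_config for
# key-only logins; (2) find copies of one public key across authorized_keys
# files. Paths, file names and key blobs below are constructed sample data.
# Effective value of an sshd_config keyword (first match wins, as in sshd(8)).
sshd_value() { # $1=config $2=keyword $3=default
    v=$(awk -v k="$2" 'tolower($1)==tolower(k) {print tolower($2); exit}' "$1")
    printf '%s\n' "${v:-$3}"
}

# Return 0 only if the config permits public-key authentication alone.
# PubkeyAuthentication yes is not sufficient: password and keyboard-interactive
# authentication both default to yes and must be turned off explicitly.
check_pubkey_only() {
    cfg=$1 ok=0
    [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" = yes ] ||
        { echo "$cfg: PubkeyAuthentication is disabled"; ok=1; }
    [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = no ] ||
        { echo "$cfg: PasswordAuthentication still enabled"; ok=1; }
    # Older OpenSSH spells this ChallengeResponseAuthentication, newer ones
    # KbdInteractiveAuthentication; either one set to "no" disables it.
    cr=$(sshd_value "$cfg" ChallengeResponseAuthentication yes)
    ki=$(sshd_value "$cfg" KbdInteractiveAuthentication yes)
    [ "$cr" = no ] || [ "$ki" = no ] ||
        { echo "$cfg: keyboard-interactive auth still enabled"; ok=1; }
    return $ok
}

# Print each authorized_keys file (remaining args) that contains the public
# key given in $1. Matching on the base64 blob ignores options and comments,
# so a renamed copy of a compromised key is still found.
find_key() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    shift
    grep -l -F -- "$blob" "$@"
}

# Constructed sample data so the script runs stand-alone.
tmp=$(mktemp -d)
printf 'PubkeyAuthentication yes\n#PasswordAuthentication no\n' >"$tmp/weak.conf"
printf 'PubkeyAuthentication yes\nPasswordAuthentication no\nChallengeResponseAuthentication no\n' >"$tmp/good.conf"
KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSampleBlob0001 alice@laptop'
mkdir -p "$tmp/alice" "$tmp/bob"
printf '%s\n' "$KEY" >"$tmp/alice/authorized_keys"
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleBlob2 bob@desk\n' >"$tmp/bob/authorized_keys"
check_pubkey_only "$tmp/good.conf" && echo "good.conf: key-only"
check_pubkey_only "$tmp/weak.conf" || echo "weak.conf: needs fixing"
find_key "$KEY" "$tmp"/*/authorized_keys
```

Run against real hosts, the first function takes /etc/ssh/sshd_config and the second takes the list of authorized_keys files collected from each box, so one key can be traced across a whole fleet before it is rotated.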

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds