I don't see anything fundamentally wrong with using the same account to launch su and to do other things, and I see a major problem with using the same SSH keypair for different purposes.
Fedora to (try to) remove setuid files for F15
Posted Nov 8, 2010 9:25 UTC (Mon) by solardiz (guest, #35993)
(*) I've also seen security compromises propagate from one server to another via scp/sftp/ssh invoked _from_ a server.
What specific major problem do you see with using the same SSH keypair for root and non-root on the same target system? I do see how using different keypairs - only with different and very strong private key passphrases - would potentially improve security a little bit if the "root keypair" is extremely rarely used. But that sounds like more of an exception than the typical case, especially when one has to co-administer many servers. There's simply no other sane choice than to accept some SSH keypair reuse. We typically opt to use one SSH keypair per person per target network or target project:
Posted Nov 9, 2010 3:40 UTC (Tue) by cras (guest, #7000)
BTW. I like your way of getting rid of setuid binaries more. That's actually what I thought F15's plan was when I first read the headline, but then got disappointed.
Copyright © 2013, Eklektix, Inc.