SSH & root logins

From: Tony_Schloss@ao.uscourts.gov
Date: Wed Feb 25 2004 - 07:55:24 EST


Howdee to all,
I'd very much like to get a rough & informal consensus, as it were, of how
people are logging into boxes across their own (internal, more or less
protected) network, as root, and especially if using SSH. We've got some
disagreement amongst some of the folks at my site, and while I know what
I'm used to doing (based on a couple of decades in intelligence agencies),
I'm in a relatively new & different environment than I've been in the
past, and don't want to force an outdated or overly anal retentive
security posture on folks when it's neither necessary nor common practice.
Anyway, to that end, I feel I may be a bit out of touch with some of the
realities out there in the non-intel world, and am just trying to get a
feel for what others are doing.

If you are using SSH, do you rely on public/private key pairs solely,
disallowing passwords completely for all users (including root)? Are you
using public/private key pairs for
regular users but forcing the use of passwords for root? Are you using
passwords for all users, disallowing public/private key pairs at all? Some
combination of the above? Or something completely different? And a quick
follow-up, if you're using public/private key pairs: do you allow,
encourage, or discourage the use of the ssh-agent to make users' lives a
bit easier when logging into a multitude of machines during the day? Note
that I'm assuming that telnet is disallowed (turned off in fact), and
that any remote login is at least protected by using SSH (i.e., passwords,
if used, are not going out over the wire in the clear).

Thanks very much in advance to anyone who has the opportunity to reply;
I'll be more than glad to summarize the responses.

Enjoy the day, and be safe!
Tony Schloss
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers