Re: Allowing remote root login seems to be bad. Why? (SUMMARY)



Hari Sekhon wrote:
I am a little surprised people have not been talking about ssh-key-only logins (but then I didn't bother mentioning it until now either... ;-) )

In my experience, using public key authentication is often more of a security risk, depending on the situation. If the remote machine that holds the private key (and some store this with no password for convenience) is compromised, they immediately have an open door into your server. You may have no control how passwords are enforced, updates are applied, or if any security is implemented on the remote end. Setting up public key authentication, in effect extends your "trust domain" to a server that may not be so trust worthy. To me, it makes more sense to rely on security I can control. (which is often not the case if it is some other user's office desktop or workstation)

-Bond



Relevant Pages

  • Secruity on remote folders
    ... This said, we need to access the security ... Create a new Win32_Trustee ManagementObject from ManagementClass. ... Make sure you're using the scope which points to the remote machine. ... Convert the current Dacl to an array list and add your ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Routing Morpheus through AOL
    ... Considering this group is supposed to be for network administrators who ... but a group for people to openly discuss firewalls and security issues. ... The underlying concept here is that you need to have access to a remote machine ... > restricted by your university firewall, which then will serve as your unrestricted virtual connection to ...
    (comp.security.firewalls)
  • Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
    ... Allowing remote root login seems to be bad. ... using public key authentication is often ... security risk, depending on the situation. ... domain" to a server that may not be so trust worthy. ...
    (SSH)
  • Re: Routing Morpheus through AOL
    ... this is NOT a group for network administrators who wish to keep people ... from running Morpheus, but a group for people to openly discuss firewalls and security issues. ... ComSocks, but if it's a data proxy that you can setup on a remote machine, you can probably ...
    (comp.security.firewalls)
  • Re: Remote X over rsh
    ... Currently while in a usual session, ... I'm aware of the security issues of rsh however, ... The usual setup is to have just one "Standard" server. ... You also have to configure the remote machine to accept remote logins. ...
    (comp.os.linux.x)