SSH Private Key Handling Policy?



All, I've reached an impasse' with our Unix folks and am looking for
some outside opinions on how others have dealt with a similar issue.
Any thoughts/direction you can provide would be much appreciated...

Scenario:
We have several hundred Solaris/Linux servers and its recently come to
the security group's attention that the Unix admins are using SSH
RSA/DSA keys instead of password authentication. No issues with that.
They are also using the SSH keys inside scripts to authenticate
service accounts communicating between boxes. No issues there either,
however (and this is the rub), they are keeping the private keys
unencrypted so the scripts are never prompted for a password - the
script fires, gets the key, and auths without any prompting and
therefore creating "passwordless/promptless SSH". The keys are owned
by the service accounts to which roughly 100 people have access (unix
admins, dba's, and the application admin teams). All it would take is
a disgruntled employee to start snagging keys and start logging into
the boxes causing havoc as the service user(s).

So we've asked the Unix teams to secure the keys but their suggested
method is to make the keys owned by root then have users run a script
which would in essence sudo to root and use the key to open a
connection then sudo back to their user. They've encrypted the private
keys with a passphrase ... but set the passphrase to nothing (blank
password). Obviously that doesn't work either. We've suggested the
ssh-agent approach outlined in Daniel Robbins article here -
http://www.ibm.com/developerworks/library/l-keyc.html - but they don't
want to take that approach because it requires them to enter the
passphrase which would have to be stored in the script calling the
service account login process.

Any ideas?

mh

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Where are the strings in gc.get_objects?
    ... script to show the numbers of each different type of object. ... for key in keys: ... I get similar results on both Python 2.4 and Python 2.5. ... Can anyone explain were the strings are? ...
    (comp.lang.python)
  • RE: Force delete Reg Key
    ... But as a domain administrator shouldn't you have full permissions over ... The following script let the current user take ownership on all ... keys and values to the current user. ... Set oShell = Wscript.CreateObject ...
    (microsoft.public.scripting.vbscript)
  • Re: Where are the strings in gc.get_objects?
    ... The following script dumps all objects allocated since the last time it was ... g.app.idDict is a dict whose keys are idand whose values are obj. ... The isLargeItem function is ... getNewObjects> ...
    (comp.lang.python)
  • Re: windows explorer opens at startup
    ... The script warning is normal, ... is normal if you have "Script Safe" or similar technology enabled. ... but they do make changes to the System Registry. ... one of the registry keys I looked at had that /L:ENG in it too. ...
    (microsoft.public.windowsxp.general)
  • Re: insert, delete, home and end keys in xterm (nojvm/nodesktop)
    ... and delete) do not behave as they do on a regular unix command line. ... The behaviours you describe for those keys for a "regular unix ...
    (comp.soft-sys.matlab)