[NTLUG:Discuss] ssh keys

Chris Cox cjcox at acm.org
Tue Mar 8 10:59:31 CST 2005


MadHat wrote:
...
> ssh as root?  That is bad.  Have an automation account with limited sudo 
> access, specifically to run one or two commands.  Then you have that 
> account already installed on the ghost image, or added as part of the 
> install process.  The sudo access would be to add packages, for 
> instance, then you could have the user accounts as packages, like as an 
> RPM.  Only allow the automation account to run rpm passwordless via 
> sudo. Then when you run 'ssh host "sudo rpm -i 
> http://central.server/user.rpm"' the user's credentials and ssh keys are 
> installed.
> 
> I just don't like the idea of having ssh as root enabled anywhere.   I 
> don't even know the root password on a machine or 2 I admin.  no reason to.


I agree about the danger of ssh'ing as root even with passphrase key'd
only.  However... let me add:

1. Definitely restrict who's allowed if the SSH port is exposed to
the internet.  Obscurity works best on the internet.  Too many machines
to hack.. too little time!  Even better if you hide the port a bit,
or enable a trigger event to open the secret port.  But I'll tell you,
if you just prevent root and make your ids pretty obscure, you're
probably safe.

2. If this is on a non-routable interior net (as Kevin B. mentions later),
shoot.. you can define your policy however you like.  You've got
to do what works best for you.  If your network is attractive to
those who would destroy it... it's a whole lot easier for them to
just build a bomb and blow you up.

3. If you feel that your user base is a possible threat to your ssh
connections internally... that's good news, it means they can all be upgraded
to Linux desktops!  If they know that much about what they are doing,
there's no sense keeping them locked up inside of the glass house
of Windows.

:-) Go Linux!
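
An added example, not part of either post: a small offline audit for the two sshd restrictions discussed above (no root login, and a list of who may log in). The account name "automation" and the sample config are constructed; PermitRootLogin, AllowUsers, AllowGroups and Match are standard sshd_config keywords.

```shell
#!/bin/sh
# Added example (not from the thread): offline audit of an sshd_config file.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Only the global section (before the first Match line)
# is read here; Include directives are not followed.

# Print the global value of keyword $2 in file $1 (nothing if unset).
sshd_global_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
        val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        if (key == "match") exit
        if (key == want) { print val; exit }
    }' "$1"
}

# Return 0 only if root login is off and logins are limited to a list.
audit_sshd_config() {
    rc=0
    root=$(sshd_global_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    if [ -z "$(sshd_global_value "$1" AllowUsers)" ] &&
       [ -z "$(sshd_global_value "$1" AllowGroups)" ]; then
        echo "FAIL: no AllowUsers/AllowGroups list restricts who may log in"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: root login disabled, logins limited to a list"
    return "$rc"
}

# Constructed sample config; "automation" is a hypothetical account name.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin no' \
        'PermitRootLogin yes' 'AllowUsers automation' \
        'Match User automation' '    PermitRootLogin yes' > "$tmp"
    audit_sshd_config "$tmp"; status=$?
    rm -f "$tmp"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; elif [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```

On a live host, `sshd -T` prints the effective configuration including compiled-in defaults and is the authoritative check; the script above is for reviewing a config file (for example one baked into an image) without running sshd.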




