On 10/11/06, Peter Abrahamsen <[EMAIL PROTECTED]> wrote:
Hi list,

I'm looking for some opinions for a security decision. I need to
enable remote administrative access to critical systems living about
3-4 hours from me and in another country. The systems will be running
LAMP, more or less.

Which is a better idea, allowing key-only root access, or ssh'ing in
as myself and running su/sudo/whatever? Either way, I'll set up
iptables so that connection attempts from anywhere other than my
office are -j DROP'ed.

Thanks,

Peter
--
[email protected] mailing list



Hello,

The danger with key-only auth, IMO, is that if your workstation is
compromised, even just the user account, an attacker can copy your
private key and gain root access to the server.  Of course your user
account on a typical workstation is open to all kinds of
vulnerabilities since you're generally running all sorts of random
things like web browsers and IM clients and whatnot.  That's why I
prefer to ssh into my user account on the remote server, auth by
password, then su to root and auth by password once more.
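The two set-ups weighed in this thread, together with the source-address restriction from the original question, can be checked mechanically on the server. The sketch below is an added example, not part of either poster's message: it reads the global section of an `sshd_config` and `iptables-save` output, and reports which set-up is configured and which sources may reach port 22. The function names, the sample configurations and the office address 203.0.113.10 are assumptions made for illustration.

```python
import re
import shlex

def global_settings(sshd_config):
    """Global sshd_config keywords, lower-cased; as in sshd, the first value wins."""
    seen = {}
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        if fields[0].lower() == "match":  # conditional blocks are not evaluated here
            break
        if len(fields) == 2:
            seen.setdefault(fields[0].lower(), fields[1].strip().lower())
    return seen

def root_policy(sshd_config):
    """Name which of the thread's two set-ups a config implements."""
    root = global_settings(sshd_config).get("permitrootlogin")
    if root == "no":
        return "user-then-su"
    if root in ("without-password", "prohibit-password"):  # root by key only
        return "key-only-root"
    return "review"  # yes, forced-commands-only, or unset (default depends on release)

def ssh_sources(iptables_save):
    """Sources of INPUT ACCEPT rules for tcp/22; None means any source."""
    sources = []
    for line in iptables_save.splitlines():
        if not line.startswith("-A INPUT "):
            continue
        args = shlex.split(line)
        opt = lambda flag: args[args.index(flag) + 1] if flag in args else None
        if opt("-j") == "ACCEPT" and opt("--dport") == "22":
            sources.append(opt("-s"))
    return sources

# Constructed samples; 203.0.113.10 is a documentation address standing in for the office.
KEY_ONLY_ROOT = "PermitRootLogin without-password\nPermitRootLogin yes\n"
USER_THEN_SU = "# log in as a user, then su\nPermitRootLogin no\nAllowUsers peter\n"
RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""

print(root_policy(KEY_ONLY_ROOT), root_policy(USER_THEN_SU), ssh_sources(RULES))
```

A result of `review` means root login is not pinned to either set-up in the global section, and a `None` entry from `ssh_sources` means port 22 is accepted from any address.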