[RndTbl] Hey security guys!

[Kevin McGregor]

We have a pile of Linux servers here at work. We'd like to set up the
shared keys to simplify admin via SSH. Here's the thing (quoted from an
email I received):

We are thinking of putting public/private ssh keys on all of our Linux
servers.

The purpose of this is so that our central admin server can "do stuff' on
all of our servers without needing a password. We are wondering how far to
go for convenience.



Below are restrictions that we can place on the key pair (there may be
others, but these are the ones of which I'm aware). Have a look at each
restriction and consider whether we should use the restriction or not.
Basically it would be most convenient to have none of the restrictions.

·         We can create a password on the key pair

o   This would defeat the whole purpose of using the key pair to avoid
passwords

·         We can limit which user can run things on the target machine

o   Most likely, we would install the public key for the user root
(therefore things would run as user=root)

·         We can limit what commands can be run on the target machine

o   We would like to leave this wide open so we can run anything remotely

·         We can limit the source machine that can initiate remote commands
(ie - commands can only come from the admin machine)

o   It would be nice to not have this limit as we could move the private
key onto other machines (eg a VM on your desktop) to be able to run things
remotely

o   The downside is that if anybody gets the private key, they can do
anything



Note that firewalls should prevent people from the internet trying to
connect to ssh.

[Comments, anyone? - Kevin]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20140320/6790ac09/attachment.html>