ted111
04-19-2004, 11:27 PM
Hi,
I have signed up for dedicated managed hosting some time back.
I am just curious what the normal practice is here.
When server issues arise, the hosting support staff will ask for my server root password using email.
But I don't feel quite comfortable providing the root password using normal email.
1) Can't the support staff sulogin to root?
2) What is the normal practice for requesting the root password?
Thank you. :)
beowulfdk
04-20-2004, 06:07 AM
Unless you kept the default root password they gave you on setup, I don't think there is any way they can log in to the system.
I agree the practice of requesting the root password, which is done by MANY hosts I think, is not too good. But what alternative is there?
Some hosts have a control panel (don't remember which) where you can update (through an SSL connection) your root password in their database so they have access on their part, thus not needing to use email. This is a neat feature, kinda.
Another solution would be to use this PGP encrypted email thing on both sides. But no-one does this?
Finally, if you are forced to send your root password by normal email (which is in principle totally unencrypted), make sure you change your root password after they're done with it :)
Some sort of secure standardized way of doing this would be very nice.
We have this problem, and if you take it that a majority of people want their problem fixed... We do offer https access to the ticket system, but generally replying to email is quicker. As beowulfdk said, for most customers what alternative is there?
Rus
Cirrostratus
04-20-2004, 06:23 AM
Create a standard SSH Shell wheel account for the techs to login with and then place the 'su' password in a text file in their home directory to use to 'su' to root. You will not be sending your password off your server or allowing them to store your root password in an internal database (who knows how strong the security is on that server?). Another option is for you to setup the standard shell user and create a sudo users entry for them to use.
Actually why not just generate an SSH root key...
Rus
Heymish
04-20-2004, 06:29 AM
It's never really a good idea to store root passwords anywhere on the server; it's just an unnecessary risk. IMO the best way to do it is to have a secure https environment (such as an SSL cert for a helpdesk) which allows the storing of clients' root passwords inside their helpdesk information. Not entirely foolproof, but better than some ideas that have been suggested.
wheimeng
04-20-2004, 06:30 AM
Originally posted by LTADMIN
Create a standard SSH Shell wheel account for the techs to login with and then place the 'su' password in a text file in their home directory to use to 'su' to root. You will not be sending your password off your server or allowing them to store your root password in an internal database (who knows how strong the security is on that server?). Another option is for you to setup the standard shell user and create a sudo users entry for them to use.
We used to do that but it's a hassle :P Would prefer logging into root directly.
kris1351
04-20-2004, 08:36 AM
We use a ticketing system to help deal with this. Also, there are notes sections in the customers' billing setups where they can specify information they want us to know that is more secure. I agree that root passwords over email are not the safest way to send. If that is the case, though, you can do it and then change the password as soon as they are out of the server.
dynamicnet
04-20-2004, 10:41 AM
Greetings:
On those occasions where we don't have access, we ask for the client to FAX us such information.
When a FAX will not do then there are various ways to secure the information:
secure email over digital ID (this is not the same as filling out a https page as the server may use regular email to transmit the information).
Splitting up the information over several emails.
Putting the information in a password protected Word or Excel document. Sending the password for the document and the document separately.
Telephone.
Thank you.
Mark_TVI
04-20-2004, 06:37 PM
The telephone is probably the quickest way, with a reasonable amount of security.
Rule of thumb, I would only distribute a root password with any of the same methods that I would disclose my Credit Card number.
Steven
04-20-2004, 06:54 PM
http://www.courtesan.com/sudo/ ?
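The delegated-access approach Cirrostratus describes (a separate shell account for the techs plus a sudo entry or an SSH key, instead of mailing the root password) and the sudo link Steven posted, worked through as an added example; this is not code from any poster in the thread. It stages a sudoers fragment and a restricted authorized_keys line under a scratch directory so the files can be reviewed before being copied into place. The account name `support`, the support network `192.0.2.0/24` and the public key text are placeholders, not values from the thread. It deliberately does not store the root or `su` password in a text file, the variant Heymish objects to: the tech authenticates with their own key, every command runs through sudo and is logged, and access is revoked by deleting one key and one file rather than by changing the root password.

```shell
#!/bin/sh
# Added example (not from the thread): delegate root to a host's support
# techs without ever sending them the root password.  All files go under a
# scratch directory; account name, network and key below are placeholders.

# Sudoers fragment for one named account: full root via sudo, every
# command logged by sudo, and no cached password (timestamp_timeout=0),
# so each privileged command is individually authenticated.
make_sudoers_fragment() {
    tech="$1"
    printf 'Defaults:%s timestamp_timeout=0\n%s ALL=(root) ALL\n' "$tech" "$tech"
}

# authorized_keys line for the tech's own public key, usable only from the
# host's support network and with forwarding disabled, so a stolen key is
# useless from elsewhere and cannot be turned into a tunnel.
make_authorized_key_line() {
    from_net="$1"; pubkey="$2"
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$from_net" "$pubkey"
}

# Write both artifacts under $outdir with the permissions they need when
# copied to /etc/sudoers.d and the tech's ~/.ssh.  Returns 0 on success.
stage_delegation() {
    tech="$1"; from_net="$2"; pubkey="$3"; outdir="$4"
    mkdir -p "$outdir/sudoers.d" "$outdir/home/$tech/.ssh" || return 1
    make_sudoers_fragment "$tech" > "$outdir/sudoers.d/$tech" || return 1
    chmod 0440 "$outdir/sudoers.d/$tech"
    make_authorized_key_line "$from_net" "$pubkey" \
        > "$outdir/home/$tech/.ssh/authorized_keys" || return 1
    chmod 0600 "$outdir/home/$tech/.ssh/authorized_keys"
    return 0
}

# Revocation is the whole point: remove the key and the sudo grant and the
# tech is locked out, with the root password untouched.
revoke_delegation() {
    tech="$1"; outdir="$2"
    rm -f "$outdir/sudoers.d/$tech" "$outdir/home/$tech/.ssh/authorized_keys"
}

# Usage with placeholder values (constructed, not from the thread):
#   stage_delegation support 192.0.2.0/24 "ssh-ed25519 AAAAexamplekey tech@host" /tmp/stage
# then review /tmp/stage, run `visudo -c -f /tmp/stage/sudoers.d/support`
# as root, and copy the files into /etc/sudoers.d and /home/support/.ssh.
```

Before installing the fragment, check it with `visudo -c -f` as root; a syntax error in a file under /etc/sudoers.d breaks sudo for everyone. The `from=` pattern in authorized_keys is matched against the connecting address, so it only helps if the host's techs come from a known range; the `no-*-forwarding` options are standard OpenSSH key restrictions.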