Results 1 to 5 of 5
  1. #1
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601

    SSH Key Root Login by default?

    What do people think about companies that ship their dedicated servers with their own authorized SSH key so they can get remote access without having to ask you for your root password?

    Rus
    Russ Foster - Industry Curmudgeon

  2. #2
    Join Date
    Apr 2002
    Location
    UK
    Posts
    429
    I think it's a good idea during the setup phase in case one needs help from the DC.

    Generally you can then either leave the key there or delete it if you'd rather keep the DC out. I don't think there are many DCs that will insist on keeping it there.

  3. #3
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    So as long as is made obvious you think its not a problem? As I know some DC's we use do this and others don't

    Rus
    Russ Foster - Industry Curmudgeon

  4. #4
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    I personally don't like datacenter techs just logging into my server. If I want them I can give them the password, which is changed right after. If for some reason they really wanted to get into it they can alway boot it to single user mode. The only reason I can think they would want to login would be abuse issues.

    One thing you could do is disable direct root login and only allow sudo on an account they do not have. You are simply making the server more secure...oh yeah and locking them out at the same time Just make sure they do not have some weird policy regarding keeping the ssh key in place or retaining access at all times.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  5. #5
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    I was thinking more from a fully managed server point of view. You get an automated Apache down warning how does it get fixed? That sort of things and thought it would be sensible to hve the SSH key rather than a root pw on file as that can change

    Rus
    Russ Foster - Industry Curmudgeon

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •