Comments on: Unix Password and Authority Management

By: Michael Goetze

Michael Goetze — Tue, 01 Feb 2011 12:31:40 +0000

I think if the people who have root access to your systems can’t be trusted to run an SSH agent with expiry times and have passphrases on all their keys… then you should possibly rethink who has root access to your systems.

By: Iñigo

Iñigo — Tue, 01 Feb 2011 10:14:18 +0000

The main advantage of sudo is that you do _not_ need to give root.

We use intensively /etc/sudoers to separate monitoring, backup, admin, developer, user, etc \roles\…

This folks are doing some recommendations about the topic since years ago, in the man page, linked from the root welcome email message:

http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot

By: Anonymous

Anonymous — Mon, 31 Jan 2011 22:08:01 +0000

While you can’t enforce that people use passphrases on their SSH keys, if you show people how to set up libpam-ssh or libpam-gnome-keyring then they have no reason to use a passphraseless key. I always set up systems with passwords and remote root access disabled, sudo, and users with ssh keys only. When users don’t have passwords, you don’t have to worry about password policies. :)

By: natxo

natxo — Mon, 31 Jan 2011 21:37:12 +0000

ldap + kerberos (soon moving homegrown setup to freeipa – freeipa.org)

By: John Goerzen

John Goerzen — Mon, 31 Jan 2011 18:01:04 +0000

True, but then if an admin workstation (or, perhaps, laptop?) is compromised, then the same problem exists. Though this could indeed simplify the management, it is also impossible to police that people are using passworded keys.

By: neutrinus

neutrinus — Mon, 31 Jan 2011 17:59:29 +0000

think about creating uid=0 accounts for every admin (ex: neutrinusroot, thomasroot). Admins should have different passwords on servers… Then move to ssh keys :)
Result: admin will have one password his key, ssh-agent will do the rest.