Security work
2001-01-31 17:53:16+00 by Dan Lyke
2 comments
Phew. Just got BIND upgraded to 8.2.3 on all the appropriate machines to stave off those potential root exploits, but while I was sshing around the living room and the continent I realized that there are probably people who've thought about ssh key management better than I. Eric, or anyone else, got some suggestions about how to manage public and private key zones for that elusive compromise between reasonable security and ease of use?
Comments in ascending chronological order:
#Comment made: 2002-02-21 05:31:03+00 by: ebradway
Good biometrics are the best compromise between security and ease of use. The lofty ideal for key management is to keep your private keys on some kind of smart card and use something like a thumbprint scanner to authenticate to the card (I can't find the link, but I saw a smartcard with the thumbprint reader built in the other day). Unfortunately, card readers are far from ubiquitous.
The next best thing is to store your keys on a floppy and give each key a passphrase. Personally, I like having to enter a password when I move to a critical system because it gives me a split second to pause and think about what I'm about to do. It also encourages me to do non-critical tasks on non-critical systems.
What I do personally is log into all of my boxes under one ID with a relatively weak password. This account I use for all my personal stuff: email, browsing the web, playing MP3s, etc. I can ssh to other systems with the same account without any password. For any more serious stuff I su to another ID with a stronger password. This account is SUID 0 on systems I have complete control over (my workstation, my web server, etc). I can ssh to other systems (where I'm not SUID 0) but have to enter a passphrase to use the keys. These accounts are my 'work' accounts, where I may have significant access to production servers. Finally, I do not allow SSH for SUID 0 accounts. So to do things as root, I have to log into my low-security account, then su to my medium account, ssh to the server I need to work on, and then su to root.
It's really not as big of a headache as it seems. The levels of security are designed to give me reason not to do things in secure accounts if I can avoid it. For instance, running a workstation as root while using X, KDE, xmms, Netscape, and having ssh access to other machines without passphrases is a very BAD thing.
#Comment made: 2002-02-21 05:31:04+00 by: baylink
Sure. Keep the private keys on the server.
http://scfn.thpl.lib.fl.us/~jra/netlogin.txt