[H-GEN] passwords
Daniel Quinlan
daniel at netwise.net.au
Mon Jul 24 04:30:21 EDT 2000
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
hi,
thanks for all the input from everyone. It's come down to this
root access only at the console or via su
root password to follow a pattern based on the site
su access only to group members
remote access only via ssh with RSA keys
user accounts with login shells to have a secure password (read long and randomly generated)
which still leaves me with these issues:
which group should I make su owned by? I remember it being wheel on some
other *nix I've worked on but Debian doesn't appear to have wheel. I'm
going to email someone at Debian about this one.
how to manage the RSA keys?
Give each tech their own key and copy all tech's keys to all servers
Give each tech a copy of a single key & copy that key to all servers
each option has it's pros and cons =(
I'm leaning towards a single key as it is easier to manage. If someone
leaves all we have to do is create a new key and update every server, which
could be scripted to some extent. Also if we suspect that someone has
obtained a copy of the key and the passphrase we can push out a new key
to all servers.
any thoughts?
thanks,
--
Daniel Quinlan daniel at netwise.net.au
Netwise Australia ph: 07 3252 8111
"Engineering Your Network Solution" fax: 07 3216 0226
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.
More information about the General
mailing list