[H-GEN] passwords

Daniel Quinlan daniel at netwise.net.au
Mon Jul 24 04:30:21 EDT 2000


[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

hi,

   thanks for all the input from everyone.  It's come down to this

   root access only at the console or via su
   root password to follow a pattern based on the site
   su access only to group members 
   remote access only via ssh with RSA keys 
   user accounts with login shells to have a secure password (read long and randomly generated)


   which still leaves me with these issues:

   which group should I make su owned by?  I remember it being wheel on some
   other *nix I've worked on but Debian doesn't appear to have wheel. I'm
   going to email someone at Debian about this one.

   how to manage the RSA keys?
	   Give each tech their own key and copy all techs' keys to all servers
	   Give each tech a copy of a single key & copy that key to all servers

   each option has its pros and cons =(
   I'm leaning towards a single key as it is easier to manage.  If someone
   leaves all we have to do is create a new key and update every server, which
   could be scripted to some extent.  Also if we suspect that someone has 
   obtained a copy of the key and the passphrase we can push out a new key
   to all servers.


   any thoughts?


thanks,
-- 
Daniel Quinlan				daniel at netwise.net.au
Netwise Australia			ph:  07 3252 8111
"Engineering Your Network Solution"	fax: 07 3216 0226

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.
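
Added example (not part of the original post or of any Humbug tooling): the "could be scripted to some extent" step, written as a shell function that rebuilds an authorized_keys file from one public-key file per tech. It covers both options in the post, since the single-key model is a directory holding one file; the `<tech>.pub` layout, the function name and the OpenSSH one-line public key format are assumptions.

```shell
#!/bin/sh
# Added example: rebuild authorized_keys from a directory of public keys.
# Assumed layout: KEYDIR/<tech>.pub, one OpenSSH public key per line, e.g.
#   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample alice@laptop   (constructed, not a real key)

build_authorized_keys() {
    keydir=$1
    outfile=$2
    tmp="$outfile.tmp.$$"          # same directory, so the final mv is a rename

    : > "$tmp" || return 1
    chmod 600 "$tmp"

    for pub in "$keydir"/*.pub; do
        [ -f "$pub" ] || continue  # empty directory: the glob did not match
        tech=$(basename "$pub" .pub)

        # Accept only "<type> <base64> [comment]" lines. Anything else,
        # such as a private key saved under the wrong name, aborts the build.
        if ! awk '
            BEGIN { bad = 0 }
            NF == 0 { next }
            $1 !~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" { bad = 1 }
            $2 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
            END { exit bad }
        ' "$pub"; then
            echo "rejecting $pub: not an OpenSSH public key" >&2
            rm -f "$tmp"
            return 1
        fi

        # Replace the comment with the owner so each entry traces to a person.
        awk -v tech="$tech" 'NF { print $1, $2, "tech=" tech }' "$pub" >> "$tmp"
    done

    # Never install an empty file: that would lock every tech out.
    if [ ! -s "$tmp" ]; then
        echo "no keys found in $keydir; leaving $outfile untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    mv "$tmp" "$outfile"           # atomic replace within one filesystem
}
```

When a tech leaves, deleting that one `.pub` file and rebuilding revokes only their access; copying the resulting file to each server is left to whatever transport the site already uses.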


