
Re: Sticky authentication/authorisation issues




> > Such as if I set up Kerberos authentication or ssh public key
> > authentication so I can log into several remote systems as root
> > without a password, is this really a good idea? Anybody who managed to
> > "grab" your console (either physically, via X, or some other way)
> > would have root access to any one of the machines you have root access
> > to.
> 
> You should avoid accessing such mechanisms from hosts whose security you
> don't trust.

Yes, I think the single risk of grabbing my console on my laptop (for
example no inetd) is much lower than the combined risk of typing that
password on a remote box which exposes it:

	 * on my console
	 * on the network (ok, encrypted, but still out there)
	 * for the remote program
	 
If you have separate root passwords on your boxes and maybe even
different passwords for different services on these, then there is of
course the question how to manage all these passwords, i.e. how to
remember them.

Sometimes it is worth the inconvenience not to have root network
login or maybe not even network login at all.

Harald.