| 1 |
Hi, |
| 2 |
|
| 3 |
don't forget two important advantages of logging in as yourself: |
| 4 |
|
| 5 |
1) You don't always want to be root. Many tasks can be performed as a |
| 6 |
normal user. You wont screw up your server so easily as a normal user. |
| 7 |
|
| 8 |
Maybe you will even have different users for different tasks (useful if |
| 9 |
you're not the only administrator). |
| 10 |
|
| 11 |
2) If multiple persons access your server, they should log in as normal |
| 12 |
users. This way you don't have to share the root key and you can |
| 13 |
identify who logged in when via your logs. |
| 14 |
|
| 15 |
Of course you should enforce key-only access for your users. |
| 16 |
|
| 17 |
Peter Abrahamsen wrote: |
| 18 |
> Hi list, |
| 19 |
> |
| 20 |
> I'm looking for some opinions for a security decision. I need to |
| 21 |
> enable remote administrative access to critical systems living about |
| 22 |
> 3-4 hours from me and in another country. The systems will be running |
| 23 |
> LAMP, more or less. |
| 24 |
> |
| 25 |
> Which is a better idea, allowing key-only root access, or ssh'ing in |
| 26 |
> as myself and running su/sudo/whatever? Either way, I'll set up |
| 27 |
> iptables so that connection attempts from anywhere other than my |
| 28 |
> office are -j DROP'ed. |
| 29 |
> |
| 30 |
> Thanks, |
| 31 |
> |
| 32 |
> Peter |
| 33 |
|
| 34 |
|
| 35 |
-- |
| 36 |
|
| 37 |
Mit freundlichen Grüßen |
| 38 |
|
| 39 |
Bastian Ramm |
| 40 |
|
| 41 |
-------------------------------------------- |
| 42 |
COMINTO GmbH |
| 43 |
Klosterstraße 49 |
| 44 |
40211 Düsseldorf |
| 45 |
www.cominto.de |
| 46 |
|
| 47 |
eMail: ramm@×××××××.de |
| 48 |
Tel : 0211 / 6000 16 - 79 |
| 49 |
Fax: 0211 / 6000 16 - 89 |
| 50 |
-------------------------------------------- |
Archives