1 |
Hi, |
2 |
|
3 |
don't forget two important advantages of logging in as yourself: |
4 |
|
5 |
1) You don't always want to be root. Many tasks can be performed as a |
6 |
normal user. You wont screw up your server so easily as a normal user. |
7 |
|
8 |
Maybe you will even have different users for different tasks (useful if |
9 |
you're not the only administrator). |
10 |
|
11 |
2) If multiple persons access your server, they should log in as normal |
12 |
users. This way you don't have to share the root key and you can |
13 |
identify who logged in when via your logs. |
14 |
|
15 |
Of course you should enforce key-only access for your users. |
16 |
|
17 |
Peter Abrahamsen wrote: |
18 |
> Hi list, |
19 |
> |
20 |
> I'm looking for some opinions for a security decision. I need to |
21 |
> enable remote administrative access to critical systems living about |
22 |
> 3-4 hours from me and in another country. The systems will be running |
23 |
> LAMP, more or less. |
24 |
> |
25 |
> Which is a better idea, allowing key-only root access, or ssh'ing in |
26 |
> as myself and running su/sudo/whatever? Either way, I'll set up |
27 |
> iptables so that connection attempts from anywhere other than my |
28 |
> office are -j DROP'ed. |
29 |
> |
30 |
> Thanks, |
31 |
> |
32 |
> Peter |
33 |
|
34 |
|
35 |
-- |
36 |
|
37 |
Mit freundlichen Grüßen |
38 |
|
39 |
Bastian Ramm |
40 |
|
41 |
-------------------------------------------- |
42 |
COMINTO GmbH |
43 |
Klosterstraße 49 |
44 |
40211 Düsseldorf |
45 |
www.cominto.de |
46 |
|
47 |
eMail: ramm@×××××××.de |
48 |
Tel : 0211 / 6000 16 - 79 |
49 |
Fax: 0211 / 6000 16 - 89 |
50 |
-------------------------------------------- |