[ale] SSH attempts

Michael B. Trausch mike at trausch.us
Fri Sep 16 13:34:48 EDT 2011


On Mon, 2011-09-12 at 17:40 -0400, Bob Toxen wrote:
> Disabling root ssh and requiring one first to ssh in through another
> account and su'ing or sudo'ing to root is not as effective as the
> above solutions and may diminish security, in my opinion. 

Okay, so I can understand why that would be the case for giving accounts
access to su (but if you're doing that, then you haven't locked the
password for the root user anyway), but sudo is a totally different
animal.

What I do on all my systems these days is this:

 * I run "passwd -l root", so that root cannot log in by any means
   (because its password is locked).

 * I create a group for full system administrators (that is, people
   that can run "sudo -i" or "sudo -s" to the root user account).

 * If the system has subadministrators, I configure sudo for that.
   For example, on a system that runs a phone system (say, FreeSWITCH),
   the phone system runs as a certain user.  I'll create a group for
   people who are allowed to become that user, and then configure sudo
   to enable people to change their uid to that user so that they can
   administer the phone system.  Same goes for a Web administrator or
   DBA.  Such people would, therefore, not be allowed to become root
   (because they have no need to do so).

 * If there are people who have to run single commands as root, I will
   configure sudo to enable them to do so (as long as it's not a command
   that will spawn a subshell or something).  All bets are off if it can
   spawn a subshell, of course, but as long as it is a well-behaved
   single-task program, it is usually fine.

The sudo command can be used to create a very fine-grained system where
people can only gain access to the privileges that they need in order to
get their work done.  It _can_ take a little bit to engineer an
appropriate configuration, but once that's done, sudo takes care of the
logging and all of that for you.

There are even ways to make it possible to have fully functional system
administrators that can do everything _except_ change the sudo
configuration or certain items like system logs, though that is slightly
outside of the scope of sudo itself.

All that to say that proper use of sudo significantly enhances system
security, not the opposite.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                  --- Carveth Read, “Logic”
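
The layout described in the message above, written out as a sudoers fragment. This is an added example, not part of the original post: the group names (sysadmin, pbxadmin, webops), the freeswitch account name and the nginx command paths are assumptions.

```sudoers
# Added example; group names, the service account name and the command
# paths are assumptions, not values from the original message.
# Install as a file under /etc/sudoers.d/ with mode 0440 and check the
# syntax first with: visudo -cf <file>

# Once "passwd -l root" has been run, sudo must authenticate with the
# invoking user's own password. rootpw or targetpw would ask for the
# locked root password instead, so make sure both are off.
Defaults !rootpw, !targetpw

# Full system administrators: any command as any user and group,
# which is what makes "sudo -i" and "sudo -s" to root possible.
%sysadmin   ALL = (ALL : ALL) ALL

# Subadministrators of the phone system: may run anything, but only as
# the service account. "sudo -u freeswitch -i" is allowed; a plain
# "sudo -i" targets root and is refused for this group.
%pbxadmin   ALL = (freeswitch) ALL

# Single commands as root: absolute path plus the exact arguments, so
# no other invocation of the binary matches the rule.
Cmnd_Alias  WEB_RELOAD = /usr/sbin/nginx -t, /usr/sbin/nginx -s reload

# NOEXEC asks sudo to stop the permitted program from executing further
# programs (the subshell case). It relies on library preloading, so it
# only covers dynamically linked binaries and is a second line of
# defence, not a replacement for choosing well-behaved commands.
%webops     ALL = (root) NOEXEC: WEB_RELOAD
```

Each user can confirm the result with "sudo -l", which lists exactly the rules that apply to the account running it.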


