[Fedora-infrastructure-list] better passwords ,etc
linux at elfshadow.net
Sat Jul 15 19:51:56 UTC 2006
seth vidal wrote:
> Following on the post about stronger passwords - I have a better idea -
> why don't we have no password at all.
> meaning - if you don't have the ssh key you cannot login to any of our
> Then we don't have to muck with passwords at all we just put nice
> little !! in the field in the shadow.db file and we're done with it.
> What do you think?
I think this is a great idea. I think we all know passwords are the
bane of securing any system. Using keys only would certainly be a move
in the right direction.

In our case though I think there is another problem area where a
password is still a weakness. The Account System is a component in how
our ssh keys get distributed currently. So if someone were to
compromise a sysadmin's password for the web-based Account System they
would then be able to edit that individual's profile and change the ssh
key for that user which would be distributed across the systems they
have shell access to. Now the intruder can access the systems with the
ssh key pair they own (at least until the original user noticed they
couldn't log in anymore).

At least I think that would be an attack vector that could target a
password. Perhaps I am unaware of a component of the Account System or
I am missing something else that would cause the above scenario to not
work, so feel free to point out the obvious!

If the above scenario is an accurate one though, we still are relying on
passwords to secure access to the systems to some extent. It may be an
area we want to look at to force some sort of check or balance to
minimize even that possibility.

While on the topic of security and moving beyond passwords, perhaps the
group as a whole should brainstorm, check settings, etc. on the system
and processes from the security perspective. There are lots of
intelligent individuals on the team and some time spent towards a
security audit of sorts could prove useful just to make sure we are
truly following best practices (or going above and beyond) and aren't
assuming certain things about the system configurations that really
aren't in place.
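
One possible form of the "check or balance" raised in the message above, as an added example that is not part of the original post and not the Account System's own code: before keys are distributed, compare each submitted key's fingerprint against a recorded baseline and hold any change for out-of-band confirmation. The data layout, function names and sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib


def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of a '<type> <base64-blob> [comment]' line.
    Assumption: no authorized_keys option prefix precedes the key type."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # raises on non-base64 input
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def review_key_changes(baseline, submitted):
    """baseline: {user: fingerprint}, submitted: {user: pubkey_line}.
    Returns (approved, held): keys safe to distribute, and changes to confirm."""
    approved, held = {}, {}
    for user, line in sorted(submitted.items()):
        try:
            fp = fingerprint(line)
        except ValueError:  # binascii.Error is a ValueError subclass
            held[user] = "unparseable key"
            continue
        known = baseline.get(user)
        if known is None:
            held[user] = "no baseline: new key " + fp
        elif known != fp:
            held[user] = "key changed: %s -> %s" % (known, fp)
        else:
            approved[user] = line
    return approved, held


def constructed_key(seed, comment):
    """Build a fake key line for the demo; the blob is not a real SSH key."""
    return "ssh-rsa %s %s" % (base64.b64encode(b"constructed-blob-" + seed).decode(), comment)


# Constructed sample data: alice's key was replaced, bob's is unchanged, carol is new.
ALICE_OLD = constructed_key(b"alice-1", "alice@laptop")
ALICE_NEW = constructed_key(b"alice-2", "alice@laptop")
BOB = constructed_key(b"bob-1", "bob@desk")
BASELINE = {"alice": fingerprint(ALICE_OLD), "bob": fingerprint(BOB)}
SUBMITTED = {"alice": ALICE_NEW, "bob": BOB, "carol": constructed_key(b"carol-1", "carol@vm")}

if __name__ == "__main__":
    ok, pending = review_key_changes(BASELINE, SUBMITTED)
    print("distribute:", sorted(ok))
    for user, reason in pending.items():
        print("hold:", user, "-", reason)
```

The baseline has to be stored and updated somewhere the web password alone cannot reach, otherwise the same compromised login could rewrite both the key and its recorded fingerprint.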