[Fedora-infrastructure-list] better passwords ,etc

Jeffrey Tadlock linux at elfshadow.net
Sat Jul 15 19:51:56 UTC 2006

seth vidal wrote:
> Following on the post about stronger passwords - I have a better idea -
> why don't we have no password at all?
> meaning - if you don't have the ssh key you cannot log in to any of our
> systems.
> Then we don't have to muck with passwords at all we just put nice
> little !! in the field in the shadow.db file and we're done with it.
> What do you think?

I think this is a great idea.  I think we all know passwords are the 
bane of securing any system.  Using keys only would certainly be a move 
in the right direction.

In our case though I think there is another problem area where a 
password is still a weakness.  The Account System is a component in how 
our ssh keys get distributed currently.  So if someone were to 
compromise a sysadmin's password for the web-based Account System they 
would then be able to edit that individual's profile and change the ssh 
key for that user which would be distributed across the systems they 
have shell access to.  Now the intruder can access the systems with the 
ssh key pair they own (at least until the original user noticed they 
couldn't log in anymore).

At least I think that would be an attack vector that could target a 
password.  Perhaps I am unaware of a component of the Account System or 
I am missing something else that would cause the above scenario to not 
work, so feel free to point out the obvious!

If the above scenario is an accurate one though, we still are relying on 
passwords to secure access to the systems to some extent.  It may be an 
area we want to look at to force some sort of check or balance to 
minimize even that possibility.

While on the topic of security and moving beyond passwords, perhaps the 
group as a whole should brainstorm, check settings, etc. on the system 
and processes from the security perspective.  There are lots of 
intelligent individuals on the team and some time spent towards a 
security audit of sorts could prove useful just to make sure we are 
truly following best practices (or going above and beyond) and aren't 
assuming certain things about the system configurations that really 
aren't in place.
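
The "check or balance" raised above could take the form of a gate that runs before keys are distributed. The sketch below is an added example, not part of the original message or of the Account System: it flags accounts whose shadow field still allows a password and keys whose fingerprint no longer matches an approved baseline. The function names, the sample data and the out-of-band fingerprint baseline are all assumptions.

```python
import base64
import hashlib

def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public key line (ssh-keygen -l style)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def password_locked(shadow_line):
    """True when the shadow password field starts with '!' or '*' (no password can match)."""
    return shadow_line.split(":")[1].startswith(("!", "*"))

def audit(shadow_lines, pending_keys, approved):
    """List (user, issue) pairs to resolve before keys are pushed to hosts."""
    findings = []
    for line in shadow_lines:
        if not password_locked(line):
            findings.append((line.split(":")[0], "password login still possible"))
    for user, key in sorted(pending_keys.items()):
        # Assumption: approved fingerprints were recorded out of band,
        # not through the web login whose password may be compromised.
        if approved.get(user) != fingerprint(key):
            findings.append((user, "key differs from approved fingerprint"))
    return findings

# Constructed sample data: not real accounts, hashes or keys.
def sample_key(label):
    return "ssh-ed25519 " + base64.b64encode(label.encode()).decode() + " " + label

SHADOW = [
    "alice:!!:13344:0:99999:7:::",
    "bob:$1$constructed$hash:13344:0:99999:7:::",
]
APPROVED = {u: fingerprint(sample_key(u + "-laptop")) for u in ("alice", "bob")}
PENDING = {"alice": sample_key("unknown-host"), "bob": sample_key("bob-laptop")}

if __name__ == "__main__":
    for user, issue in audit(SHADOW, PENDING, APPROVED):
        print(f"{user}: {issue}")
```

A key change that appears here without a matching approval is held back instead of being pushed, so the swap is noticed before the original user is locked out.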

