[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-infrastructure-list] better passwords ,etc

seth vidal wrote:
Following on the post about stronger passwords - I have a better idea -
why don't we have no password at all.

meaning - if you don't have the ssh key you cannot login to any of our

Then we don't have to muck with passwords at all we just put nice
little !! in the field in the shadow.db file and we're done with it.

What do you think?

I think this is a great idea. I think we all know passwords are the bane of securing any system. Using keys only would certainly be a move to the right direction.

In our case though I think there is another problem area where a password is still a weakness. The Account System is a component in how our ssh keys get distributed currently. So if someone were to compromise a sysadmin's password for the web based Account System they would then be able to edit that individual's profile and change the ssh key for that user which would be distributed across the systems they have shell access to. Now the intruder can access the systems with the ssh key pair they own (at least until the original user noticed they couldn't login anymore).

At least I think that would be an attack vector that could target a password. Perhaps I am unaware of a component of the Account System or I am missing something else that would cause the above scenario to not work, so feel free to point out the obvious!

If the above scenario is an accurate one though, we still are relying on passwords to secure access to the systems to some extent. It may be an area we want to look at to force some sort of check or balance to minimize even that possibility.

While on the topic of security and moving beyond passwords, perhaps the group as a whole should brainstorm, check settings, etc on the system and processes from the security perspective. There are lots of intelligent individuals on the team and some time spent towards a security audit of sorts could prove useful just to make sure we are truly following best practices (or going above and beyond) and aren't assuming certain things about the system configurations that really aren't in place.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]