private servers sharing common root

Fabio FZero fabio.fzero-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jun 24 21:00:16 UTC 2010


Yes, but you don't have to abide by it. You can turn off password
logins and enable root logins with keys, which is really not that bad
security-wise.

Anyway, depending on what you want to do, putting your config files
and scripts under version control could be a good solution. When
anything needs to be changed, just alter the files, push them to the
repo and pull everything back on all servers (I don't know if this is
what Chris was talking about -- I didn't have time to look at the
articles).

FZ

On Thu, Jun 24, 2010 at 16:26, Mark Lane <lmlane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> While I would be inclined to do it that way too, it would be more
> secure if you logged in as someone other than root. Correct me if I am
> wrong but turning off root login in SSH is a pretty standard procedure,
> is it not?
>
> On Thu, Jun 24, 2010 at 12:43 PM, Christopher Browne <cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> On Thu, Jun 24, 2010 at 10:32 AM, teddy <teddy-5sHjOODPK7E at public.gmane.org> wrote:
>>> To enable scripts and automation they all share a common root password.
>>>
>>> I have learned that the same passwords on multiple servers, especially the
>>> same root password is a recipe for an insane amount of work, especially if
>>> there is a security breach. Because ALL the servers with the common
>>> password must be considered compromised.
>>
>> Yep, I agree that having the same root password everywhere is likely
>> to be troublesome if you're particularly worried about security.
>>
>> I'd be inclined to have routine administration take place based on a
>> "pull" model instead of the "push" model characteristic of 'logging in
>> to each box.'
>>
>> http://www.infrastructures.org/bootstrap/pushpull.shtml
>> --
>> http://linuxfinances.info/info/linuxdistributions.html
>> --
>> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>>
>
>
>
> --
> Mark Lane <lmlane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
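
An added example (not part of the original message or thread): a small Python audit of sshd_config text for the setup Fabio describes, password logins off and root allowed by key only. The OpenSSH defaults, the sample config and the function names are assumptions made for this example, and Include files are not followed.

```python
import re

# Assumed defaults: current OpenSSH. Include files are not followed.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Return (global settings, Match blocks); sshd keeps the FIRST value seen."""
    glob, matches, target = {}, [], None
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=?\s*(\S.*)?$", raw)
        if not m or not m.group(2):
            continue  # blank line, comment, or keyword without a value
        key, rest = m.group(1).lower(), m.group(2).strip()
        key = ALIASES.get(key, key)
        if key == "match":
            matches.append({"criteria": rest, "settings": {}})
            target = matches[-1]["settings"]
        elif key in DEFAULTS:
            scope = glob if target is None else target
            scope.setdefault(key, rest.split()[0].strip('"').lower())
    return {**DEFAULTS, **glob}, matches

def audit(text):
    """List ways the config departs from 'no passwords, root by key only'."""
    glob, matches = effective_settings(text)
    findings = []
    if glob["passwordauthentication"] != "no":
        findings.append("global: password logins are enabled")
    if glob["kbdinteractiveauthentication"] != "no":
        findings.append("global: keyboard-interactive (PAM) can still prompt for a password")
    if glob["permitrootlogin"] == "yes" and findings:
        findings.append("global: root can log in with a password")
    for block in matches:
        if block["settings"].get("passwordauthentication") == "yes":
            findings.append(f"Match {block['criteria']}: re-enables password logins")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored by sshd.
SAMPLE = """\
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective global configuration and is the authoritative check; a text audit like this is useful for config files held in version control before they are pulled onto the servers.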
