How do you securely access multiple LEBs?
I'm not asking for you guys to go into too many details, but just wondering how you guys handle this? I generally have a passwordless SSH key on my truecrypt drive that I use to get into one host, which works as my IRC/shell box and has a passworded key on it that lets me into the rest of my machines. Password auth disabled all around. I can't help but think there's a better way, but it's not coming to me at the moment?
Comments
The one key for all of your other machines is stored on a single account? Or am I missing what you described?
Well when you put it that way it just sounds plain insecure :P
Yes. Yes it is. I'm reinstalling a few of the machines and thought it was as good a time as any to rethink this.
Root, port 22 and ssh :P
@diffra, instead of putting the key on that box try ssh agent forwarding and keep the key on your physical machine.
That's the new keychain I'm thinking about lately:
http://www.cz.all.biz/img/cz/catalog/32259.jpeg
no kidding
Just store the key to all your machines on your desktop and you'll be fine.
This guy knows data security. I believe him.
1) Change SSH port
2) Disable all password logins
3) Private key/s on my Desktop (home computer)
4) Daily backup of ssh key/s to EncFS (encrypted) folder which gets backed up to Dropbox
5) ** If any servers need to communicate between each other, use public keys.
(Think I copied the setup from someone here or another server blog/forum).
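The first two items of the checklist above can be verified from the server's sshd_config. The following is an added example, not part of any post in this thread; the function names `parse` and `audit` are hypothetical and the sample config is constructed. It goes slightly beyond the list by also checking keyboard-interactive authentication, which can still prompt for a password through PAM when `PasswordAuthentication` is `no`, and by flagging `Match` blocks that turn passwords back on.

```python
# Added example, not from the thread. DEFAULTS are OpenSSH's documented defaults.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

SAMPLE = """\
# constructed sample config
Port 2222
PasswordAuthentication no
# sshd keeps the first value it reads, so this later line has no effect
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, listening ports, settings inside Match blocks)."""
    glob, ports, matches, match = {}, [], [], None
    for raw in text.splitlines():
        # Keyword and value are separated by whitespace or a single '='.
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                           # blank, comment or bare keyword
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        val = parts[1].strip().strip('"')
        if key == "match":
            match = None if val.lower() == "all" else val
        elif match is not None:
            matches.append((match, key, val.lower()))
        elif key == "port":
            ports.append(val)                  # Port may be given several times
        else:
            glob.setdefault(key, val.lower())  # first value wins
    return glob, ports or ["22"], matches

def audit(text):
    """List deviations from the checklist: custom port, no password logins."""
    glob, ports, matches = parse(text)
    found = ["sshd listens on port 22"] if "22" in ports else []
    for key in PASSWORD_KEYS:
        if glob.get(key, DEFAULTS[key]) != "no":
            found.append(f"{key} is not disabled globally")
    for crit, key, val in matches:
        if key in PASSWORD_KEYS and val != "no":
            found.append(f"Match {crit} re-enables {key}")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On a live host, feeding the output of `sshd -T` to the same checks covers included files and compiled-in defaults as well.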
2) Disable all password logins
3) Private key/s on my Desktop (home computer)
4) Daily backup of ssh key/s to EncFS (encrypted) folder which gets backed up to Dropbox
5) ** If any servers need to communicate between each other, use public keys.
That's pretty awesome.
KeePass to store passwords, root, SSH, custom port (usually)
http://sourceforge.net/projects/pacmanager/
I connect to the SSH port (not 22) with PuTTY as root using a password like a real man
I need to hack my servers every time I want to login, but I also have to patch the hole I used. I find that this keeps me in shape.
/troll
I use ssh w/ password on non-standard port and disabled root login, but thinking about using keyfiles soon... maybe storing them in a local truecrypt container.
Putting the container in Dropbox is a nice idea, thanks!
Like a bosssss!!!
If you put a passphrase on your key, there's not much point to storing them in yet another passphrase (TrueCrypt/etc)...
SSH Password w/ KeePass