How to setup the same user/passwd and group on multiple ubuntu machines?

Karl Auer kauer at biplane.com.au
Wed Dec 25 12:32:57 UTC 2013


On Wed, 2013-12-25 at 10:16 +0000, Colin Law wrote:
> I may have valuable and confidential data, and I may have customers
> who could sue me if I lost their data.  Why does having the same
> user/pwd make a difference to security on a small private network?

Because access to one is access to all. The attackers breach one wall
and have everything. Better if they have to breach six walls to get
everything. Cost: Slight inconvenience.

> If they get access to any of the machines then all is lost anyway, as
> I have ssh access between them using keys.  Are you suggesting that I
> should not allow access between the machines using keys?

Access using ssh keys is fine - as long as you have good long
passphrases protecting the keys, and the key to access machine B from
machine A is different to the key to access machine C from machine A.
Otherwise access to one machine is access to all = game over. Check out
the "-i" option in "man ssh" and consider adding appropriate entries to
your ssh client configuration file ("~/.ssh/config" by default). That
makes it easy to manage multiple hosts from one machine, but you do
still need multiple passphrases for multiple machines.

> > tradeoffs. But sharing passwords between accounts, even accounts owned
> > by the same person, is a bad idea *in general*.
> 
> Well that is not what you said initially.  You said it is a "really bad idea".

And it is. A really, really bad idea. That doesn't mean there are no
situations in which it is acceptable. If you do it, you should have
really, really good reasons OR have very, very little to protect.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
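
Added example, not part of the original message: a small check of the advice above that each machine reached from machine A should have its own key, done by reading an ssh client configuration and reporting any IdentityFile shared between hosts. The host names, key paths and function names are hypothetical, and the sample configuration is constructed.

```python
import re
from collections import defaultdict
# Constructed sample ~/.ssh/config; host names and key paths are hypothetical.
SAMPLE_CONFIG = """\
Host machine-b
    IdentityFile ~/.ssh/id_ed25519_machine_b
Host machine-c
    IdentityFile ~/.ssh/id_ed25519_machine_c
Host machine-d machine-e
    IdentityFile=~/.ssh/id_ed25519_shared
Host machine-f
    HostName 192.0.2.15
"""

def parse_hosts(config_text):
    """Map each Host pattern to the IdentityFile paths configured for it."""
    hosts, current = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "host":
            current = value.split()
            for host in current:
                hosts.setdefault(host, [])
        elif key == "match":
            current = []  # Match blocks are not handled by this check
        elif key == "identityfile":
            for host in current:
                hosts[host].append(value)
    return hosts

def audit(config_text):
    """Return (keys used by more than one host, hosts with no key of their own)."""
    hosts = parse_hosts(config_text)
    users = defaultdict(set)
    for host, keys in hosts.items():
        for key in keys:
            users[key].add(host)
    shared = {k: sorted(h) for k, h in users.items() if len(h) > 1}
    return shared, sorted(h for h, keys in hosts.items() if not keys)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Hosts listed in the second result have no IdentityFile entry, so ssh falls back to its default identities for them, which in practice means they share a key as well.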




