I’ve got a question here - when I set up SSH keys - I somehow can’t use my puttygen-generated keys, eventually because they have a passphrase?
I then used the built-in key generator but I’m wondering if that isn’t kind of a security risk - because it could happen that someone gets his hands on that server and has all the private keys for all the other servers.
Do you feel this is a risk because of the passphrase-less keys or not?
Second thing is - I usually disable root ssh login - then I use my keys to log in as a ‘normal’ user and sudo my commands. Would you think it’s safe to allow root ssh login (with keys), because I can’t find any way to set up another user in cloudmin?
Well, perhaps you’d consider filing a feature request regarding the passwordless SSH keys, maybe Jamie would have some input on the matter – it may not be difficult to add in a password prompt for folks wanting to protect keys with a password.
Second, I do the same in regards to disabling the root SSH login.
What I would do to solve that is set “PermitRootLogin” to “without-password” in the /etc/ssh/sshd_config. That would mean that root can log in remotely, but only with key-based logins… password logins would not be accepted.
Uh, how the heck could it do any automated tasks if the keys required passphrases?
But yeah, I really don’t know of any way to secure the “cloud” so that if the cloudmin machine is compromised, you’re not screwed. I don’t think it’s really possible. Secure off-cloud backups everyone. =P
I have set it to PermitRootLogin without-password - that seems to be a bit more secure.
Macscr - you’re right - it would prolly not be possible to use a passphrase, I need to think a bit more about it - eventually there is a solution.
We’ve been using webmin for quite some time - and I always had a bad feeling about having one server holding all the webmin login information to all other servers.
Each of our servers, for example, has a different root pass etc - trying to have all secured. But all is pretty useless if your ‘Main’ server is compromised, holding all that information online.
I found the putty keygen problem - it doesn’t generate openssh keys ofc. You can convert them and everything is running fine (don’t set a passphrase…)
I’m still thinking about the security of the servers, I’m still very unsure about how to make it as secure as possible.
One point of cloudmin is to be able to log in to the cloudmin/webmin server as root, so when I do the right thinking here - it doesn’t matter at all if my ssh root login is brute forced or my cloudmin account is brute forced. I’m thrown out of cloudmin/webmin after n tries - but I can do this with ssh as well.
Well, I guess I could change the cloudmin/webmin username to something else I choose so it’s hard to guess - but my 16 char password would not be brute forced in 3 tries anyways.
On the other hand if I disable password login to SSH, use only keys and have only root being able to log in via SSH and change the port - how would that be insecure?
Only if someone steals my private keys…
As far as I understood - you must use passphraseless keys in cloudmin to be able to log in to your physical and virtual servers. I could use a passphrase tho to log in to my cloudmin server afaik. I think that must be pretty secure.
Am I right or do I just think too wrong?
Yeah, that should work.
I haven’t looked at this yet, but I think cloudmin admin access should be on x port and then client access on y port. That way you can restrict admin access to specific IPs, etc, for port x. Make sense?
Secure off-cloud backups everyone.
I’ve been talking to Colin Percival about his tarsnap service. He’s a pretty well known security guy and FreeBSD core developer, and he’s building a business around a secure backup service…it allows “write only” backups, so Cloudmin could backup to the service, and then for restores you’d have to provide a different key.
There are, of course, other ways to handle such things, too. A polling remote backup server, for instance, which would pull backups down from the Cloudmin systems without Cloudmin having any control over it. It would need its own keys, of course, but in the event someone compromised your Cloudmin master server, and went on a rampage, they wouldn’t have automatic access to the backup server.
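
A way to check what the “PermitRootLogin without-password” setting discussed in this thread actually leaves enabled, as an added example that is not part of any post above. The function names, the sample config and the assumed defaults (OpenSSH 7.0 or later, PubkeyAuthentication left on) are illustrative assumptions.

```python
import re

# Assumed defaults for OpenSSH 7.0+ (older releases defaulted PermitRootLogin to "yes").
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample: the thread's setting, plus a later duplicate and a Match block.
SAMPLE = """\
# constructed sshd_config for illustration
Port 2222
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

def effective_global(config_text):
    """Global-section values; sshd keeps the first value it reads for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional overrides follow; this audit covers global scope only
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit_root_login(config_text):
    """Report how root may authenticate and whether other users can still use passwords."""
    cfg = effective_global(config_text)
    mode = cfg["permitrootlogin"]
    if mode == "without-password":
        mode = "prohibit-password"  # deprecated alias for the same behaviour
    passwords_on = cfg["passwordauthentication"] == "yes"
    return {
        "root_mode": mode,
        # Assumes PubkeyAuthentication is left at its default of "yes".
        "root_key_login": mode in ("yes", "prohibit-password", "forced-commands-only"),
        "root_password_login": mode == "yes" and passwords_on,
        # PermitRootLogin only restricts root; other accounts follow PasswordAuthentication
        "other_users_password_login": passwords_on,
    }

if __name__ == "__main__":
    for name, value in audit_root_login(SAMPLE).items():
        print(f"{name}: {value}")
```

On a live host, the output of `sshd -T` (the effective configuration as sshd itself resolves it) can be passed to `audit_root_login` in place of the file contents.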