Servers and security
Raphaël Jadot
Public
Seen by 263
This topic is focused about all security concerns and solutions we may have related to our servers.
Anurag Bhandari Fri 8 Mar 2013 3:26PM
@raphaeljadot How about we force ssh keys for the hosts (agate and beryl) and keep password auth for all CTs for now? :)
Raphaël Jadot Fri 8 Mar 2013 4:12PM
@anuragbhandari ok for me, let's do this :)
jclvanier Fri 8 Mar 2013 9:40PM
I may have missed something:
-- we can use either encrypted or unencrypted ssh key
-- in the case of encrypted key, you have to unlock it with a password before the key can be sent to the serveur
-- from the net spy point of view, the key is more difficult to break than a password, so we should force the use the ssh key in that case
-- we cannot verify if a user uses an encrypted key
-- if the key is not encrypted and it is stolen, then the door is open
-- otherwise, if we want to access the host with another computer, we can either use the same key (to be copied) or another key sent to the host beforehand (if we cannot use a password)
-- if we loose our key (crash, for example) we cannot access the host anymore
This is the reason why I think we should use an encrypted key most of time but leave the possibilty to use a strong password, thus letting the possibility to handle an issue. But, ok, since we are a team, a member can reset the config for another member in case of trouble.
Raphaël Jadot Fri 8 Mar 2013 10:58PM
In fact, the main problem with SSH password is the risk of being sniffed. if someone get the key, he still has to find the password to make sudo. If pass fails, sudo send a warn mail to admin. This is why using SSH key, even with no pass, even not in a safe place seems more secure to me : the pass doesn't flow over the network but stay inside the system.
John Cave Sat 9 Mar 2013 5:53AM
I think it should go ahead, but we should all make an individual effort to have a highly secure passphrase. An attacker cannot be sudo without the user password anyway, therefore cannot interfere with the system without both.
Anurag Bhandari Sat 25 May 2013 12:13PM
Roughly what are the risks and efforts involved in migration to Proxmox 3?
Raphaël Jadot Sat 25 May 2013 4:20PM
Well, not so much risk, but it's quite long as we have to be carefull about several steps (migrate CT in one server, move A records, check the all is working correctly, then upgrade the other server, check all is ok, move all CT in the second server, upgrade the first server etc, It may take several days (not full days, but taking time is good imho :)
Anurag Bhandari Mon 27 May 2013 1:23PM
@jclvanier You disagree? ;)
jclvanier Mon 27 May 2013 4:31PM
Sorry, I would mean: I have no real opinion since I will not be able to do the migration myself.
So abstain = no opposition :)
Raphaël Jadot · Fri 8 Mar 2013 2:51AM
@anuragbhandari not really there is no consensus yet... A proposal is to force only for hosts at the beginning, WDYT?