[LRUG] Dedicated servers in the UK?

Lee Henson lee.m.henson at gmail.com
Tue Jul 3 05:22:38 PDT 2012


> Now, when you spin up a new Rackspace cloud instance behind their load balancer, their automated config tool needs to log in to the box as root, so you have to enable root logins. It can't use an SSH key, so you have to enable password logins. It needs to be added to the list of allowed users, and the username is always the same for all customers, so it's a known account that can be dictionary attacked. Of course you can close down all these security holes after the machine is configured, but if your own build is automated (you might be using a well-known configuration management tool which I've written a short monograph on) you need to jump through extra hoops to do this, and it's yet more steps which can fail and jam the build process.

Compared to building and installing a web server|database|whatever you
are using the server for|etc, is adding

PermitRootLogin no
PasswordAuthentication no
AllowUsers <some users>

to the ssh config file really "yet more steps which can fail and jam
the build process."?
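As an added example (not part of the original message or of any Rackspace tooling), here is one way to apply the three directives above as a single idempotent build step. sshd uses the first value it obtains for a keyword, so the sketch removes earlier settings and writes the new ones at the top instead of appending; the function name `harden_sshd_config` and the `--validate` switch are hypothetical.

```shell
#!/bin/sh
# Added example: pin PermitRootLogin, PasswordAuthentication and AllowUsers
# in an sshd_config file. Function name and --validate switch are hypothetical.
# Usage: harden_sshd_config FILE "user1 user2" [--validate]
harden_sshd_config() {
    cfg=$1
    users=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ -n "$users" ] || { echo "refusing an empty AllowUsers list" >&2; return 1; }

    # Build the new file next to the old one so the final mv is atomic.
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    {
        # Hardened values go first, ahead of any Match block.
        printf 'PermitRootLogin no\n'
        printf 'PasswordAuthentication no\n'
        printf 'AllowUsers %s\n' "$users"
        # Drop every earlier setting of the same keywords. Keywords are
        # case-insensitive and may be followed by whitespace or "=".
        # This also removes Match-scoped overrides of these keywords.
        # grep exits 1 when nothing is left to print; that is not an error.
        grep -v -i -E '^[[:space:]]*(PermitRootLogin|PasswordAuthentication|AllowUsers)([[:space:]]|=)' "$cfg" \
            || [ $? -eq 1 ]
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Idempotent: a second run on an already hardened file changes nothing.
    if cmp -s "$tmp" "$cfg"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi

    # Optional syntax check with the real daemon before the file goes live,
    # so a bad config stops the build instead of locking the box.
    if [ "${3:-}" = "--validate" ] && ! sshd -t -f "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # mktemp creates the file 0600; 0644 is assumed as the target mode here.
    chmod 0644 "$tmp" && mv "$tmp" "$cfg" && echo changed
}
```

The running sshd still has to be reloaded before the new settings take effect.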


