Mailing List Archive



Re: [tlug] bootable linux with sshd



Curt Sampson writes:

 > On Tue, 2 Jan 2007, Stephen J. Turnbull wrote:

 > > I kinda hope not: root with a default password open to the internet?

 > No need to go that far; just put your distro on a USB key, with your
 > login and ssh public keys on it, and it will be as secure as any other
 > machine.

Of course.  But my impression from the word "image" was that Fergal
was talking about something relatively indestructible like a CD.  I
certainly would have preferred a CD for my own mother's peace of mind.
She never did anything truly stupid with her computer, but never
managed to convince herself that she was competent, and much preferred
R/O media.

 > IMHO, Root ought not be able to log in at all via the network,

Unfortunately, not everybody lives in their coloc.  Root access over
the net is necessary, and once granted, it doesn't matter all that
much whether it's a direct SSH connection or by su.  Personally, I
think that if a machine is accessible from the network, system
accounts should not be allowed to login by passwords[1] at all, nor
should sudo be used.  Instead SSH authorized_keys should be configured
to run the desired command (and it shouldn't be "xemacs" ;-).


Footnotes: 
[1]  Any pass phrase that a human would be willing to memorize or
write on a Post-It.
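
The arrangement recommended above (system-account keys tied to one command through authorized_keys) can be checked mechanically. The following is an added example, not part of the original post: a Python audit of authorized_keys entries, in which the sample file, command paths and key strings are constructed placeholders.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_unquoted(text, seps, limit=-1):
    """Split on separator characters that sit outside double quotes."""
    parts, buf, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if quoted and text[i:i + 2] == '\\"':   # escaped quote inside command="..."
            buf, i = buf + '\\"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and limit != 0:
            parts.append(buf)
            buf, limit = "", limit - 1
        else:
            buf += ch
        i += 1
    return parts + [buf]

def parse_options(line):
    """Return the option dict of one stripped authorized_keys entry ({} if none)."""
    if line.startswith(KEY_PREFIXES):           # entry begins with the key type
        return {}
    opts = {}
    for item in split_unquoted(split_unquoted(line, " \t", 1)[0], ","):
        name, _, value = item.partition("=")
        opts[name.lower()] = value[1:-1] if value[:1] == '"' else (value or True)
    return opts

def audit(text):
    """Return (line_number, finding) for keys that are not pinned to one command."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        if "command" not in opts:
            findings.append((n, "no forced command: key grants a full shell"))
        elif "restrict" not in opts and not LOCKDOWN.issubset(opts):
            findings.append((n, "forced command, but forwarding or pty still allowed"))
    return findings

# Constructed sample of a system account's authorized_keys (placeholder key text).
SAMPLE = '''command="/usr/local/sbin/backup --target=/srv, full",restrict ssh-ed25519 AAAAC3PLACEHOLDER backup@example
ssh-rsa AAAAB3PLACEHOLDER admin@example
command="/usr/bin/uptime" ssh-ed25519 AAAAC3PLACEHOLDER monitor@example
'''
```

On the server side the matching sshd_config settings are `PasswordAuthentication no` and, for root, `PermitRootLogin forced-commands-only`.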



