Changes between Version 3 and Version 4 of ssh_security_policy


Ignore:
Timestamp:
Aug 17, 2010, 7:45:43 PM (9 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ssh_security_policy

    v3 v4  
    11= SSH Security Policy =
    22
    3 [This is a proposed policy, not yet implemented. Due to security considerations the discussion is not public.]
     3[This is a proposed policy, not yet implemented.]
    44
    55The following policies guide secure shell access to our servers:
    66
    7  * All root passwords have 30 character randomly generated passwords shared in encrypted form with a limited number of May First/People Link root administrators. May First/People Link root administrators store these passwords in encrypted files on encrypted disks.
     7 * All root passwords have 15 character randomly generated passwords shared in encrypted form with a limited number of [wiki:support-team support team members]. May First/People Link root administrators store these passwords in encrypted files on encrypted disks.
    88
    9  * Key-based root ssh access is enabled on all servers. ssh will be configured to prevent password-based root access. Note: This feature requires running ssh from Lenny which currently (2008-03-23) is only available in Debian Testing (Lenny). Rationale: There are arguments for turning off root ssh access on servers that allow password-based authentication to avoid dictionary attacks. However, with an upgrade to a version of ssh that enables us to allow password-based authentication for members while requiring key-based only authentication for root, we can avoid this weakness. In addition, with randomly generated 30 character passwords, the chances of cracking them with a dictionary-based approach comparable if not harder than cracking an ssh public key to gain access. And, our public keys are [wiki:mfpl_admin_public_ssh_keys published].
     9 * Key-based root ssh access is enabled on all servers. ssh will be configured to prevent password-based root access (not implemented!). Note: This feature requires running ssh from Lenny which currently (2008-03-23) is only available in Debian Testing (Lenny). Rationale: There are arguments for turning off root ssh access on servers that allow password-based authentication to avoid dictionary attacks. However, with an upgrade to a version of ssh that enables us to allow password-based authentication for members while requiring key-based only authentication for root, we can avoid this weakness. In addition, with randomly generated 30 character passwords, the chances of cracking them with a dictionary-based approach comparable if not harder than cracking an ssh public key to gain access. And, our public keys are [wiki:mfpl_admin_public_ssh_keys published].
    1010
    1111 * All MFPL root administrators secure their private key with a password and only save them non-shared computers with encrypted disks.
     
    1717 * May First/People Link conducts an annual audit to check in with all users with root access and ensure that they these policies are being followed and review that all users with root access know they have root access, still want root access, and it makes sense for the organization for them to have root access.
    1818
    19  * Password files and ssh keys are only backed up to servers with adequate security (what is adequate security?)
     19 * Password files and ssh keys are only backed up to servers with encrypted disks