How do you securely access multiple LEBs?

diffra

I'm not asking for you guys to go into too many details, but just wondering how you guys handle this? I generally have a passwordless SSH key on my truecrypt drive that I use to get into one host, which works as my IRC/shell box and has a passworded key on it that lets me into the rest of my machines. Password auth disabled all around. I can't help but think there's a better way, but it's not coming to me at the moment?

Damian

The one key for all of your other machines is stored on a single account? Or am I missing what you described?

diffra

Well when you put it that way it just sounds plain insecure :P

Yes. Yes it is. I'm reinstalling a few of the machines and thought it was as good a time as any to rethink this.

Taylor

Root, port 22 and ssh :P

Surge

@diffra, instead of putting the key on that box try ssh agent forwarding and keep the key on your physical machine.

peepingnerd

that's the new keychain i'm thinking about lately: http://www.cz.all.biz/img/cz/catalog/32259.jpeg

no kidding

gsrdgrdghd

Jus store the key to all your machines on your desktop and you'll be fine.

HalfEatenPie

@gsrdgrdghd said: Jus store the key to all your machines on your desktop and you'll be fine.

This guy knows data security. I believe him.

telephone

1) Change SSH port 2) Disable all password logins 3) Private key/s on my Desktop (home computer) 4) Daily backup of ssh key/s to EncFS (encrypted) folder which gets backed up to Dropbox 5) ** If any servers need to communicate between each other, use public keys.

(Think I copied the setup from someone here or another server blog/forum).

HalfEatenPie

@telephone said: 1) Change SSH port 2) Disable all password logins 3) Private key/s on my Desktop (home computer) 4) Daily backup of ssh key/s to EncFS (encrypted) folder which gets backed up to Dropbox 5) ** If any servers need to communicate between each other, use public keys.

That's pretty awesome.

dominicl

KeePass to store passwords, root, SSH, custom port (usually)

ValdikSS

http://sourceforge.net/projects/pacmanager/

hmmmm

I connect to the SSH port (not 22) with PuTTY as root using a password like a real man ;)

vld

I need to hack my servers every time I want to login, but I also have to patch the hole I used. I find that this keeps me in shape. /troll

mero

I use ssh w/ password on non-standard port and disabled root login, but thinking about using keyfiles soon... maybe storing them in a local truecrypt container. Putting the container in Dropbox is a nice idea, thanks!

yomero

@vld said: I need to hack my servers every time I want to login, but I also have to patch the hole I used. I find that this keeps me in shape.

Like a bosssss!!!

DimeCadmium

If you put a passphrase on your key, there's not much point to storing them in yet another passphrase (TrueCrypt/etc)...

Corey

SSH Password w/ KeePass