I need to create a public cloud server and use it as a bastion in a secure way.
I hate the java/javascript console that you have to use when something doesn't work with your cloud.
I want to keep the root user enabled. As leaving the password authentication for root is a security risk we need to mitigate this.
By default the default loging method is going to be RSA public key.
The reason I want to keep the root user enabled is that you can easely reset its passwors using the https://mycloud.rackspace.com/ portal. Otherwise the root user should be practically not available.
We could leave it enabled but there is always a risk that somebody with enough time may want to try to hack us.
Problem
How to set up a root password rotation using Cron in Linux,
Solution
# crontab -l # for debugging # */10 * * * * echo root:$(/usr/bin/makepasswd --chars 15) | /usr/bin/tee /tmp/test.txt | /usr/sbin/chpasswd */10 * * * * echo root:$(/usr/bin/makepasswd --chars 15) | /usr/sbin/chpasswd
This mitigates the root password attacks and still gives us a possibility to reset the root password over the portal and login over a regular ssh session.
We don't care what the new root password is, if I need it I'll reset it on the myrack portal.
Posts
Alternatively you could simply lock root user password, you will still be able to login in using SSH key or reset the password via portal.
ReplyDelete# passwd -l root
Locking password for user root.
passwd: Success
Easy user experience for public cloud Hosting use Go4hosting. 24*7 Support System....
ReplyDeleteThanks for sharing this incredible and unique content. This would help many like me in getting the Best web hosting
ReplyDelete