Quote:
Originally Posted by mlove
Regardless, I don't think any 'fully managed' host is actually secure, as each employee workstation will usually have access to a shit load of of boxes via a single ssh key phrase.
|
Very true and is why many companies will purchase / lease boxes and opt for colo instead so they're in control.
Big drawback of colo is that when things go wrong, the techs at the colo are limited in what they can do due to the nature of the service - often won't do much more than power-cycling.
Customer is responsible for the hardware, software config, backups, etc. For the colo to do most anything requires explicit instructions, or a service contract (often with an outside contractor with rapid access to the colo), or the customer visiting there (often not practical); colos are thinly staffed with the bare essentials for running the facility.
Quote:
Originally Posted by mlove
Ideally, I would have each server setup with a unique ssh key, and have the 'management box' have a new user account for each box they manage, and from there have an unique ssh key & ssh key passphrase. Let this be a lesson in liability.
|
Some dedicated hosts allow customers to change the root password / restrict remote logins even from their own staff, but strongly discourage it (some even outright forbid it), because doing so basically defeats the purpose of dedicated managed hosting - many problems that could be caught / fixed quickly can't be if the staff can't remotely login to the box.
Ron