Root credentials for managed beta

We've just started using the managed beta and I have a suggestion to make. At present Linode require us to install their SSH key under the root user. As a matter of course we don't allow root login (and all other users are only permitted to log on with SSH keys - we don't allow passwords).

I would suggest it would be much more secure if Linode were to allow us to create a special "linode support" user and install their SSH key under that user. This would mean we wouldn't have to enable remote root access to our servers and any access would be properly audited to an identifiable user (which is particularly important if anyone is doing anything that touches the world of PCIDSS or other related standards).

[edit - forgot to say that obviously the linode support user would need to have sudo privileges, but that's still much more secure than just allowing root access]

If anyone from Linode is gathering feedback from the forums can you add this suggestion to the list?

2 Replies

@adancy:

> We've just started using the managed beta and I have a suggestion to make. At present Linode require us to install their SSH key under the root user. As a matter of course we don't allow root login (and all other users are only permitted to log on with SSH keys - we don't allow passwords).
>
> I would suggest it would be much more secure if Linode were to allow us to create a special "linode support" user and install their SSH key under that user. This would mean we wouldn't have to enable remote root access to our servers and any access would be properly audited to an identifiable user (which is particularly important if anyone is doing anything that touches the world of PCIDSS or other related standards).
>
> [edit - forgot to say that obviously the linode support user would need to have sudo privileges, but that's still much more secure than just allowing root access]
>
> If anyone from Linode is gathering feedback from the forums can you add this suggestion to the list?

This has been added to our list of features to consider. Thanks for the feedback!

> I would suggest it would be much more secure if Linode were to allow us to create a special "linode support" user and install their SSH key under that user. This would mean we wouldn't have to enable remote root access to our servers and any access would be properly audited to an identifiable user (which is particularly important if anyone is doing anything that touches the world of PCIDSS or other related standards).

Just an update - this has been implemented. You're able to specify both a user and a port that we can log in with, we just ask that you note these things in the provided fields and make sure we can sudo!
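
An added example, not part of the thread or of Linode's tooling: a small Python audit of an `sshd_config` against the setup discussed here (no root login, keys only, a dedicated support account). The account name `linode-support`, the port and both sample configs are constructed for illustration; the sudo requirement is not checked.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample configs (hypothetical user name and port).
GOOD = "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nAllowUsers deploy linode-support\n"
WEAK = ("PermitRootLogin yes\nPermitRootLogin no\nAllowUsers deploy\n"
        "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n")

def parse(text):
    """Return (global_settings, match_overrides). sshd keeps the first value it
    sees for a keyword; lines after a Match line apply only conditionally."""
    glob, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
        elif in_match:
            overrides.append((key, value))
        elif key == "allowusers":
            # AllowUsers may be repeated; the patterns accumulate.
            glob.setdefault(key, []).extend(value.split())
        else:
            glob.setdefault(key, value)
    return glob, overrides

def audit(text, support_user):
    """List deviations from: no root login, no passwords, support user allowed."""
    glob, overrides = parse(text)
    eff = {**DEFAULTS, **glob}
    findings = []
    if eff["permitrootlogin"].lower() != "no":
        findings.append("root login over SSH is not disabled")
    if eff["passwordauthentication"].lower() != "no":
        findings.append("password authentication is enabled")
    # Simplification: compares the user part only, wildcards are not expanded.
    allowed = [p.split("@")[0] for p in eff.get("allowusers", [])]
    if "allowusers" in eff and support_user not in allowed:
        findings.append(f"{support_user} is not in AllowUsers")
    for key, value in overrides:
        if key in DEFAULTS and value.lower() != "no":
            findings.append(f"Match block sets {key} {value}")
    return findings
```

Running `audit(WEAK, "linode-support")` shows why the first `PermitRootLogin` line is the one that counts and why `Match` blocks need their own review.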
