top | item 39912915

(no title)

imrehg | 1 year ago

That's a very good question. Likely depends on the circumstances. I don't quite know any ways of using untrusted sources safely. Maybe something where you can use temporary credentials (say 2FA), or the the likes of using AWS's EC2 Instance Connect, but there's always a problem of _something_ has to be on an untrusted location, I guess?

Having some emergency access certs in a password manager might be a good backup (and rotating it after using it on an untrusted source?).

The best way is, however, removing the need in emergencies to access a machine (e.g. more of the "cattle vs pets" way of thinking). But that's hard for sure.

discuss

danparsonson|1 year ago

> ...rotating it after using it on an untrusted source?...

> ...the "cattle vs pets" way of thinking...

Good points both... To the former, of course you're right that once used, an emergency cert should be replaced, which could be onerous either from the point of view of having double the number of certs to manage (rather than one master key), or else having to rotate the master key on all servers. To the latter, I'm definitely thinking about pets, so I hadn't considered just throwing away the VM and starting again; that neatly sidesteps the issue.

Thanks!