[developer1]

Handy? That sounds like a security nightmare. Your instances are accessible by simply being able to gain access to the Google account? Even with 2-factor authentication, this is a serious no-no to basic security requirements. A remote server should be only accessible from specific IPs using ssh keys. No passwords, no world-accessible browser interface.

[aianus]

> A remote server should be only accessible from specific IPs using ssh keys. No passwords, no world-accessible browser interface.

Maybe if you own the servers.

Since they're Google's or Amazon's servers you have to be able to administer them with some set of Google or Amazon credentials. Otherwise what would you do if sshd crashed?

[developer1]

I understand your point. I host on linode which has Lish (an out-of-bound terminal that gives you command-line access without ssh). I have it turned off normally, but again can be turned on by anyone who gains access to my account with credentials and 2-factor auth. It should take a lot more from an attacker to be able to access your servers.

[balls187]

> Otherwise what would you do if sshd crashed?

Kill that instance, and spin up a new one.

A wise BOFH gave a preso that stuck with me "Treat EC2 instances like cattle. When one strays off the farm, put a bullet in it's head."

Don't treat your cloud machines as special snowflakes. Build infrastructure via script.

[aianus]

How does that add any security? Anyone with access to your root AWS credentials still has your IP addresses and your EBS volumes/snapshots and can do whatever they want.

[balls187]

I wasn't addressing security; I addressed your comment about what do you do if SSHD crashes.

For grins, I wonder how many root AWS creds are tied to Gmail (read: Google) accounts.

[balls187]

This is the trade off I've wrestled with. I've kicked around setting up a Clound9 IDE with access to our environments, so that I can access and repair any of our production environments remotely without needing my laptop.

[babo]

If a Google account compromised all of the assigned features are available at the web console anyway, having ssh access doesn't add that much risk.