by aianus 3904 days ago
> A remote server should be only accessible from specific IPs using ssh keys. No passwords, no world-accessible browser interface.

Maybe if you own the servers.

Since they're Google's or Amazon's servers you have to be able to administer them with some set of Google or Amazon credentials. Otherwise what would you do if sshd crashed?

2 comments

I understand your point. I host on Linode, which has Lish (an out-of-band terminal that gives you command-line access without ssh). I have it turned off normally, but again it can be turned on by anyone who gains access to my account with credentials and 2-factor auth. It should take a lot more from an attacker to be able to access your servers.

> Otherwise what would you do if sshd crashed?

Kill that instance, and spin up a new one.

A wise BOFH gave a preso that stuck with me: "Treat EC2 instances like cattle. When one strays off the farm, put a bullet in its head."

Don't treat your cloud machines as special snowflakes. Build infrastructure via script.

How does that add any security? Anyone with access to your root AWS credentials still has your IP addresses and your EBS volumes/snapshots and can do whatever they want.

I wasn't addressing security; I addressed your comment about what do you do if SSHD crashes.

For grins, I wonder how many root AWS creds are tied to Gmail (read: Google) accounts.