by JoachimSchipper 3004 days ago
What are you assuming about exposure? If an SSH key lives on a well-secured workstation or bastion host (and you ideally don't agent-forward it to insecure hosts), rotating that key once per hour doesn't seem a top priority to me? E.g. a sudo password is (lower-impact, but) more likely to get exposed to compromised hosts?

("Well-secured workstation" is arguably an oxymoron, of course...)


Wait, you keep private SSH keys on bastion hosts?

It's much better practice to use the bastion as a proxy to the other hosts. This is easily achieved using the ProxyCommand option of OpenSSH.

No agent forwarding, no secrets kept in random hosts.
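
Putting the ProxyCommand suggestion into config form, as an added example rather than anything posted in this thread: the workstation holds the only private keys, the bastion merely relays TCP to internal hosts (ProxyJump on OpenSSH 7.3+, equivalent to the older ProxyCommand form), and the bastion's sshd is restricted so the jump account can do nothing else. Host names, addresses, user names and key paths are assumed.

```sshconfig
# ~/.ssh/config on the workstation (assumed names, addresses and paths).
# Private keys stay here; nothing is copied to or forwarded through the bastion.

Host bastion
    HostName bastion.example.com        # assumed
    User jump
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes                  # offer only this key, not every agent key
    ForwardAgent no

# Every internal host is reached through the bastion. ProxyJump (OpenSSH 7.3+)
# does the same thing as the older "ProxyCommand ssh -W %h:%p bastion".
Host *.internal.example.com 10.0.*.*
    ProxyJump bastion
    # ProxyCommand ssh -W %h:%p bastion   # equivalent form for older clients
    User deploy                          # assumed
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
    ForwardAgent no

# /etc/ssh/sshd_config on the bastion: the jump account may relay
# connections (what -W / ProxyJump needs) but gets no shell, TTY, agent or
# X11 forwarding, so a compromised bastion holds no usable secret.
Match User jump
    AllowTcpForwarding yes
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
    ForceCommand /usr/sbin/nologin
    # Optionally restrict relay targets to explicit host:port entries, e.g.
    # PermitOpen app1.internal.example.com:22   (assumed host)
```

Connecting with `ssh app1.internal.example.com` then authenticates to the bastion and to the internal host separately, each with a key that never leaves the workstation.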

No, keeping SSH keys on bastion hosts was the silliest reasonable thing I could think of.
Do you know a good guide with standard practices for setting up and securing bastion hosts (preferably on AWS)?
If you don’t require interactive sessions, consider using AWS SSM run command [1] instead. You install the agent on the instances, with commands sent from the client through the AWS control plane (with IAM and SSM documents for access control and CloudTrail logs of all commands issued).

I’m currently deploying it in an enterprise for ~5k users, and it works surprisingly well for providing the ability to run arbitrary commands on instances without ssh access.

[1] https://docs.aws.amazon.com/systems-manager/latest/userguide...