On Mar, 11 2008 22:32 CET, Gioele Barabucci wrote:
On Mar, 7 2008 18:36 CET, Bill Merriam wrote:
Gandi has placed their public ssh key in root's .ssh/authorized_keys
Does Gandi do this? I hope this is part of Gandi AI and that no keys
or
other means of access are installed in manual installations.
manual install too afaik, i guess its ok to remove their access because
ive done that too, you should be aware that you may cripple their
support or void warranty :-)
the only sane reason to do so is protect yourself from automated attacks
on their network (support server compromised > access all servers and
compromise data) but you should know that the xen solution they use
(well all virtualization/vps solutions out there too) does not protect
your data from the main hosting server where you vps runs from, the
private VPS data, filesystem, memory etc is all available to the system
admin anyway, so like i said, the only reason to remove their access is
to protect yourself from outside attacks on them..
abaddon