Gandi.net Groups

Gandi has placed their public ssh key in root's .ssh/authorized_keys
file.  This makes me think Gandi intends to access my server, perhaps to
help me with problems.  I usually put my public key in that file.  If I
had not, by chance, noticed their key there I put have written over it. 
In this case I appended my key.  

Are there other files Gandi has changed I need to be careful not to
overwrite?

I usually move sshd to a 5 digit port number to reduce log messages from
ssh dictionary attacks.  That will make it difficult for Gandi to login.

Do I need to leave port 22 in sshd?  If Gandi told me the IP address
range they intend to login from I could open a firewall port just for
their addresses

Bill.

On Mar, 7 2008 18:36 CET, Bill Merriam wrote:

Gandi has placed their public ssh key in root's .ssh/authorized_keys

Does Gandi do this? I hope this is part of Gandi AI and that no keys or
other means of access are installed in manual installations.

On Mar, 11 2008 22:32 CET, Gioele Barabucci wrote:

On Mar, 7 2008 18:36 CET, Bill Merriam wrote:

Gandi has placed their public ssh key in root's .ssh/authorized_keys

Does Gandi do this? I hope this is part of Gandi AI and that no keys
or
other means of access are installed in manual installations.

manual install too afaik, i guess its ok to remove their access because
ive done that too, you should be aware that you may cripple their
support or void warranty :-)
the only sane reason to do so is protect yourself from automated attacks
on their network (support server compromised > access all servers and
compromise data) but you should know that the xen solution they use
(well all virtualization/vps solutions out there too) does not protect
your data from the main hosting server where you vps runs from, the
private VPS data, filesystem, memory etc is all available to the system
admin anyway, so like i said, the only reason to remove their access is
to protect yourself from outside attacks on them..