Hi all,
I´m looking for a good ssh password/key setup for a system administration of multiple servers.
The ideal one will be one that can be at the same time comfortable and secure, but after thinking a lot around the problem, no solution seems acceptable.
Basically I arrive to these 2 setups:
One where every server has a strong (and unique) root password. To manage them, instead of logging with the password, I added a password'ed public key to their authorized keys.
I can login to all of them with the combo of the private key / private key passphrase from any computer.
Problems: Direct root login allowed.
The other one:
Direct root login disabled. Same setup with private key to login to a user account with su permission. Once logged as user, use su to login as root (must type root password).
Problems. Not very comfortable to retrieve each server root password. More comfortable, use a one for all root password (taking in account that no direct root login is allowed).
What do you think is better? Do you know any other good setup? Thanks in advance!