I'm setting up a server at a new colocation center halfway around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them.
However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login.
In some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings.
- Should I even bother worrying about that?
- Should I set up a sudoer account with a one-time password that will change if I ever use it?
- Is there a common strategy for handling something like this?
Well, a lot will obviously depend on the specifics of the case, but you should keep in mind that with physical access to the machine, they can practically do anything they want anyway.
The common solution for this is to give them a dedicated maintenance account that has root rights via sudo. Then you can give them the pw when you want them to have root access. If you want to take away root access, just change the pw on the maintenance account. Alternatively, you can keep the password, and enable/disable root rights via the sudo configuration as required.
At any rate you can configure SSH to only allow key-based logins. Then the maintenance account + pw would only be usable for logins at the physical console (even if it is enabled), further restricting the access to the system (if you want to).
We have a similar setup for some external boxes. We keep the root password secret and only give it out when it's needed; when done, we change it. We do not allow root logins via SSH, so the password is only relevant when you have physical access.
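Added example, not part of either answer above: both setups rely on sshd refusing passwords so that the maintenance or root password only works at the physical console. The sketch below audits `sshd_config` text for that property, taking into account that sshd uses the first value it reads for a keyword and that `Match` blocks override the global section. The names `parse` and `audit`, the user `maint` and the sample config are assumptions made for this illustration.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Deprecated keyword name still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values under which a password cannot be used over SSH for that keyword.
SAFE = {"passwordauthentication": {"no"},
        "kbdinteractiveauthentication": {"no"},  # may front PAM passwords
        "permitrootlogin": {"no", "prohibit-password", "without-password",
                            "forced-commands-only"}}
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

def parse(config_text):
    """Return (global settings, [(match criteria, keyword, value), ...])."""
    settings, overrides, criteria = {}, [], None
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if raw.strip().startswith("#") or not m:
            continue  # comment, blank line, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        key = ALIASES.get(key, key)
        if key == "match":
            criteria = value  # following lines apply only to this Match
        elif criteria is not None:
            overrides.append((criteria, key, value.lower()))
        else:
            settings.setdefault(key, value.lower())  # first value wins
    return {**DEFAULTS, **settings}, overrides

def audit(config_text):
    """List settings that let a password work over SSH (empty = none found)."""
    settings, overrides = parse(config_text)
    findings = [f"global {k} = {settings[k]}" for k in SAFE
                if settings[k] not in SAFE[k]]
    findings += [f"Match {c}: {k} = {v}" for c, k, v in overrides
                 if k in SAFE and v not in SAFE[k]]
    return findings

# Constructed sample config, not taken from the page.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match User maint
    PasswordAuthentication yes
"""
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads a single file and does not follow `Include` directives.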
You should buy an option for access via IP-KVM. You will have access to everything, including single-user mode and BIOS.