
I manage about 50 servers, mostly by remote access using ssh on a custom port (root login disabled and users need a public/private key to log in; password login is disabled).

Each server has a unique root password (a long string of letters (upper/lower case), numbers and special characters that doesn't look like a dictionary word).

Every server is kept under close monitoring for failures, but also for unexpected processes, behavior and hacking attempts.

There are only 3 people who know the root password, and I know they won't write it down somewhere (for that matter, they are as paranoid as me), so I see no reason why this password should be compromised.

Knowing all this, is there a reason why I should change my root password at a regular interval? And if so, what would be a correct interval?

cptHammer

2 Answers

I'll start with a cliché: security is like an onion, it's made of layers.

Changing your passwords regularly certainly does not hurt, but as you seem to be paranoid, you probably won't

  • access your network from suspicious locations
  • access your network using suspicious devices
  • use similar passwords anywhere else

Also I presume you have properly firewalled your environment.

That reduces the absolute need for constantly changing passwords, but as I said, security is like an onion, and a regular password refresh day is not a bad thing.

Janne Pikkarainen

It's good practice to change passwords every x days, where x depends on the level of paranoia ;)

ALex_hha
  • There must be a reason for this. What might it be? Changing a password is also a risk. It might be compromised while it is communicated to other sysadmins. People might write it down to get time to remember it... – cptHammer Jul 31 '13 at 07:36
  • @cptHammer: Things kept secure can become compromised over time. If people write it down to get time to remember it or to pass to others who need it, they may put the written copy someplace that is secure at the time. But over time, that secure location may become compromised. A desk might be given to someone else. A wallet may be lost. The more time that elapses between when the person knew they needed to keep the password secure and when it's compromised, the less likely the compromise will be recognized and reported. Do you know what you put in your wallet two years ago that's still there? – David Schwartz Jul 31 '13 at 08:18