Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Obviously you have to compare the likelihood of remote code execution in nginx/apache to that of ssh. Nginx is much, much simpler than OpenSSH.

And, obviously, giving a third party remote root SSH access to your server already is a glaring vulnerability.



The nginx package on Debian has more LOC than the openssh-server package. Apache, of course, is huge. This doesn't map perfectly onto complexity, but gives some indication that "much, much simpler" may not be entirely accurate.

Moreover, the default SSH setup gives you everything you need for the (still undesirable) current setup, and is almost certainly running regardless. The default nginx install does not - you have to tweak setup to lock it down and add stuff to actually fetch the content, and since that (we have stipulated) has to be done as a privileged user there is room for error.

Again, giving a root login key to OVH means no security against OVH, and relying on their securing the key. I agree that this is a bad idea. Depending on the amount you trust OVH and their security, it may be more secure against people other than OVH than certain specific alternatives (perhaps all the alternatives if you artificially constrain yourself into running a single process as root that talks to the outside).


Nginx is much, much simpler than OpenSSH.


This seems an absurd digression.

"Simpler" is surely something we could quantify, and while LOC tracks it loosely it's obviously not the same thing, and SSH is almost certainly more complex per LOC than typical. Where that becomes "much" simpler, and from there "much, much" simpler is fundamentally subjective, but if you want to put up some numbers based on some other metric feel free, and we can take this further; it strikes me as unlikely that a smaller system would fall in the range I would label "much, much simpler" - but I am not an expert on either piece of software.

Regardless, it is a digression. The complexity of openssh is not at issue, unless you are advocating they not use openssh at all. Nginx + openssh is absolutely unequivocally not "much, much simpler" than openssh.

Adding nginx interfacing with new, privileged code does add significant complexity that using-the-already-present-ssh does not. Some of this complexity is exposed to those who do not have any credentials. Therefore, the security of the system toward those attackers may go up for those reasons more than it goes down because of the existence of an additional set of root credentials they do not have easy access to. This is presuming that OVH's security is sufficiently trusted; a big assumption, to be sure.

We're still agreed that the best approach is some kind of reasonable hand-off of data from the privileged process that reads the data and the external access of whatever form, presuming any of the data really needs privileged access in the first place.


The reasoning you're using here about exposed attack surface and complexity is faulty. You are better off exposing a trivial interface with nginx or Apache than in giving someone SSH credentials.


> The reasoning you're using here about exposed attack surface and complexity is faulty.

Could you point to the fault?


I could, easily, but we're pretty far to the right margin. If you'd like to email me, I'm happy to explain the reasoning.


I apologize up front for the OT post, but I have never seen a thread extend this much to the right.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: