
Let me be clear, I agree it should not be normal to SSH into a prod box. Our logs are centrally aggregated. But it’s one thing to say it’s not normal, but quite another to say engineers shouldn't have access, because I totally disagree with that.


What normally happens (or should happen) in that unusual case is that the engineer is issued a special short-lifetime credential to do what needs to be done. An audit trail is kept of when and to whom the credential was issued, for what purpose, when it was revoked, etc.
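The flow described in the comment above, as an added example that is not part of the original thread: an issuer hands out an expiring, host-bound credential and records issuance, use and revocation. The `BreakGlassIssuer` class, its token format and the HMAC signing scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class BreakGlassIssuer:
    """Hypothetical issuer of short-lived, HMAC-signed access credentials."""

    def __init__(self, signing_key, max_ttl=3600):
        self._key, self._max_ttl = signing_key, max_ttl
        self._revoked = set()
        self.audit = []  # append-only audit trail

    def _log(self, event, cred_id, now, **fields):
        self.audit.append({"event": event, "cred_id": cred_id, "at": now, **fields})

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, engineer, host, purpose, ttl, now=None):
        now = time.time() if now is None else now
        if not purpose.strip():
            raise ValueError("purpose is required for the audit trail")
        if "|" in engineer or "|" in host:
            raise ValueError("'|' is the token field separator")
        expires = int(now + min(ttl, self._max_ttl))  # cap the lifetime
        cred_id = secrets.token_hex(8)
        payload = f"{cred_id}|{engineer}|{host}|{expires}"
        self._log("issued", cred_id, now, engineer=engineer, host=host,
                  purpose=purpose, expires=expires)
        return f"{payload}|{self._sign(payload)}"

    def revoke(self, cred_id, by, now=None):
        now = time.time() if now is None else now
        self._revoked.add(cred_id)
        self._log("revoked", cred_id, now, by=by)

    def check(self, token, host, now=None):
        now = time.time() if now is None else now
        payload, _, sig = token.rpartition("|")
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return False  # forged or tampered token
        cred_id, engineer, cred_host, expires = payload.split("|")
        ok = cred_host == host and now < int(expires) and cred_id not in self._revoked
        self._log("accepted" if ok else "rejected", cred_id, now,
                  engineer=engineer, host=host)
        return ok
```
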



