Re: Hostbased auth for root only
- From: Joseph Spenner <joseph85750@xxxxxxxxx>
- Date: Thu, 11 Sep 2008 15:30:52 -0700 (PDT)
--- On Wed, 9/10/08, Wayne Sweatt <sweatt@xxxxxxxx> wrote:
I would like to get the word on how to best set up my sshd
server to allow
root on a single client hostbased authorization to several
servers - as
securely as possible.
I have a requirement to have unattended root access to
these systems.
I need to have hostbased work for root only. No non-root
users should be
able to use hostbased, but kerberos instead.
Can you force key authentication on the server? That always helps.
Either way, you could use authorized_keys in the root account of the ssh server to include keys from the clients needing access. If that's not tight enough, you could prepend a 'permitonly' line in the root servers' authorized_keys file entry for each key. ie:
from="10.5.4.3" ssh-dss qKAF7fFNeOJcdA+vWa..etc..key...
from="10.5.4.88" ssh-dss hFTn2NlbU4bgP...etc...key...
- References:
- Hostbased auth for root only
- From: Wayne Sweatt
- Hostbased auth for root only
- Prev by Date: Hostbased auth for root only
- Next by Date: Requiring multiple authentication
- Previous by thread: Hostbased auth for root only
- Next by thread: Requiring multiple authentication
- Index(es):
Relevant Pages
|
