Re: Hostbased auth for root only




--- On Wed, 9/10/08, Wayne Sweatt <sweatt@xxxxxxxx> wrote:

I would like to get the word on how to best set up my sshd server to allow root on a single client hostbased authorization to several servers - as securely as possible. I have a requirement to have unattended root access to these systems. I need to have hostbased work for root only. No non-root users should be able to use hostbased, but Kerberos instead.

Can you force key authentication on the server? That always helps.

Either way, you could use authorized_keys in the root account of the ssh server to include keys from the clients needing access. If that's not tight enough, you could prepend a 'permitonly' line in the root servers' authorized_keys file entry for each key, i.e.:

from="10.5.4.3" ssh-dss qKAF7fFNeOJcdA+vWa..etc..key...
from="10.5.4.88" ssh-dss hFTn2NlbU4bgP...etc...key...
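
An added example, not part of the original post: a small Python audit that reads an authorized_keys file and reports entries with no from= restriction or with a wildcard in it. The sample file, its placeholder keys and the function names are constructed for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # public key type name prefixes

def split_outside_quotes(text, seps):
    """Split on separator characters that are not inside double quotes."""
    parts, cur, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        prev = ch
    if cur:
        parts.append("".join(cur))
    return parts

def parse_entry(line):
    """Return (options dict, key type) for one authorized_keys entry."""
    fields = split_outside_quotes(line.strip(), " \t")
    options = {}
    if fields and not fields[0].startswith(KEY_PREFIXES):
        # First field is the option list, e.g. from="10.5.4.3",no-pty
        for opt in split_outside_quotes(fields.pop(0), ","):
            name, _, value = opt.partition("=")
            options[name.lower()] = value.strip('"')
    return options, (fields[0] if fields else "")

def audit(text):
    """List (line no, key type, problem) where from= is missing or wildcarded."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        options, key_type = parse_entry(line)
        patterns = options.get("from")
        if patterns is None:
            findings.append((no, key_type, "no from= restriction"))
        elif any(c in p for p in patterns.split(",") if not p.startswith("!") for c in "*?"):
            findings.append((no, key_type, "wildcard in from="))
    return findings

SAMPLE = '''\
# constructed sample; key material is placeholder text
from="10.5.4.3" ssh-dss AAAA_PLACEHOLDER_1 root@client1
ssh-rsa AAAA_PLACEHOLDER_2 root@client2
from="*",no-pty ssh-rsa AAAA_PLACEHOLDER_3 backup
command="/usr/local/bin/backup --mode full, fast",from="10.5.4.88" ssh-dss AAAA_PLACEHOLDER_4
'''
```

Calling `audit(SAMPLE)` flags lines 3 and 4 of the sample; a wildcard finding is a prompt for review rather than proof of a misconfiguration.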