Re: Hostbased auth for root only




--- On Wed, 9/10/08, Wayne Sweatt <sweatt@xxxxxxxx> wrote:

I would like to get the word on how to best set up my sshd server to allow root on a single client hostbased authorization to several servers - as securely as possible.
I have a requirement to have unattended root access to these systems.
I need to have hostbased work for root only. No non-root users should be able to use hostbased, but kerberos instead.

Can you force key authentication on the server? That always helps.

Either way, you could use authorized_keys in the root account of the ssh server to include keys from the clients needing access. If that's not tight enough, you could prepend a 'permitonly' line in the root servers' authorized_keys file entry for each key, i.e.:

from="10.5.4.3" ssh-dss qKAF7fFNeOJcdA+vWa..etc..key...
from="10.5.4.88" ssh-dss hFTn2NlbU4bgP...etc...key...
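
Added example, not part of the original post: a small audit of root's authorized_keys that reports entries without a from= source restriction, the restriction shown in the two lines above. The sample file, placeholder key bodies and function names are constructed for illustration, and treating wildcard patterns as findings is an assumed policy.

```python
import re

KEYTYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[\w.@-]+)$")
OPTION = re.compile(r'([A-Za-z-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

SAMPLE = """\
# constructed sample: unattended root access, key bodies are placeholders
from="10.5.4.3" ssh-dss AAAAB3PLACEHOLDER1 root@client-a
from="10.5.4.*",no-pty ssh-rsa AAAAB3PLACEHOLDER2 root@client-b
ssh-rsa AAAAB3PLACEHOLDER3 root@client-c
command="/usr/local/bin/backup now",no-pty ssh-ed25519 AAAAC3PLACEHOLDER4 backup
"""

def split_entry(line):
    """Return (options, key_type). Option values may contain quoted spaces,
    so cut the first field at the first whitespace outside double quotes."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                      # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    first, rest = line[:i], line[i:].split()
    if KEYTYPE.match(first):            # no options field on this line
        return "", first
    return first, (rest[0] if rest else "")

def audit(text):
    """Return (line_no, key_type, reason) for entries not pinned to a source."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, ktype = split_entry(line)
        parsed = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(opts)}
        src = parsed.get("from")
        if src is None:
            findings.append((n, ktype, "no from= restriction"))
        elif "*" in src or "?" in src:
            findings.append((n, ktype, "wildcard in from= pattern"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```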







