Out of curiosity: why don't you completely disable remote root login and force all root wannabes to first go through a regular user login? This gives some auditing in a very simple way.
Posted Jan 14, 2010 13:09 UTC (Thu) by iq-0 (subscriber, #36655)
Because 90% of our servers are heavy-weight appliances and only consist of
role accounts. We don't want to sync our personnel file with all instances.
And 'su' from a role account to another role account is not really sensible.
And now people who have enough privileges can directly copy files from/to
the server or trigger mass updates across all machines (which is trickier
to do if you want to do that via a regular user account).
Currently we only have to update the authorized_keys file of the role
accounts and in the case of separate role accounts we'd probably need some
sort of password verification for the su/sudo behaviour, which is now done
through the smartcard key-based login.