On Tue, Apr 10, 2012 at 05:11:14PM -0400, seth vidal wrote:
>
> 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> our systems. This would be an ssh key only on lockbox and owned by root

I'm no fan of passphrase-less ssh-keys.. as they turn read-random-file
vulnerabilities into full root exploits.

Wouldn't it be better to have root's authorized_keys file contain the
pubkeys of each individual admin that should be allowed to ssh from
lockbox01 (prefixed with from=lockbox01 of course)? Or is this too much
hassle to maintain?

-jf
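
The maintenance question raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Fedora's infrastructure code: it audits an authorized_keys file and reports every key that is not pinned to lockbox01 with a from= option. The function names, the admin names and the placeholder key blobs are all assumptions made for illustration.

```python
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")   # prefixes of public key type names

def split_unquoted(s, seps, maxsplit=-1):
    """Split s on characters in seps that sit outside double quotes."""
    parts, cur, in_quote = [], "", False
    for i, ch in enumerate(s):
        if ch == '"' and s[i - 1] != "\\":   # \" inside a value does not close it
            in_quote = not in_quote
        if ch in seps and not in_quote and len(parts) != maxsplit:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def audit(text, allowed=frozenset({"lockbox01"})):
    """Return (line_no, comment, problem) for each key not pinned to allowed hosts."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(KEY_TYPES):       # entry has no options field
            opts, rest = "", line
        else:
            opts, rest = (split_unquoted(line, " \t", 1) + [""])[:2]
        options = {k.lower(): v.strip('"') for k, _, v in
                   (o.partition("=") for o in split_unquoted(opts, ","))}
        who = " ".join(rest.split()[2:]) or "?"   # key comment, if any
        sources = options.get("from")
        if sources is None:
            findings.append((n, who, "no from= restriction"))
        elif not set(sources.split(",")) <= allowed:
            findings.append((n, who, "from= allows " + sources))
    return findings

SAMPLE = r'''# Constructed sample: placeholder key blobs, hypothetical admins.
from="lockbox01" ssh-ed25519 AAAAC3ExampleKeyA alice
from="lockbox01",no-agent-forwarding ssh-rsa AAAAB3ExampleKeyB bob
ssh-ed25519 AAAAC3ExampleKeyC carol
from="lockbox01,*.example.org" ssh-ed25519 AAAAC3ExampleKeyD dave
command="echo \"hi\"",no-pty ssh-rsa AAAAB3ExampleKeyE eve
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any entry whose from= list contains a pattern outside the allowed set is reported, including wildcard and negated patterns, so those need manual review rather than silent acceptance.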