Re: SSH Automatic Log-on Failure - Centos 5.5




On Thu, 27 Jan 2011, Nico Kadel-Garcia wrote:

> Wrong again. Never use public key access for root accounts, it simply
> compounds the security risks. Passphrase protected SSH keys can be
> used, reasonably, for account access on other hosts, but should be
> avoided for root access. If you *HAVE* to use an SSH key for root, for
> example for "rsync" based backup operations, use rssh to restrict its
> operations or designate a permitted command associated with that key
> in the target's authorized_keys.

Is this actually current doctrine for typical machines?  I thought plenty of
people advocated restricting ssh to AllowRoot without-password.  What exactly
is your security concern with having password protected key access to a
machine's root account?

I'll agree using command= for things like rsync backups is definitely a good
idea, as it means you can put ssh keys on machines that only grant them single
command access.

jh
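
The command= restriction discussed in this thread, sketched as an added example (not code from either poster): a wrapper that a root backup key is pinned to, accepting only a read-only rsync pull from one directory tree. The script path, `ALLOWED_ROOT`, the rsync location and the key line in the comment are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a root backup key.
# Assumed line in ~root/.ssh/authorized_keys on the target
# (key material is a placeholder):
#   command="/usr/local/sbin/rsync-pull-only --enforce",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder backup@backuphost
# sshd runs this script instead of the client's request, which it passes
# in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL
ALLOWED_ROOT="/srv/data"        # assumption: the only tree the backup reads
RSYNC="/usr/bin/rsync"          # assumption: rsync location on the target

# Succeeds only for: rsync --server --sender -<short flags> . <path under ALLOWED_ROOT>
is_allowed_rsync() {
    case "$1" in                # character whitelist: rejects ; | $ ` quotes, newlines
        ''|*[!A-Za-z0-9\ ._/-]*) return 1 ;;
    esac
    set -f; set -- $1; set +f   # split on whitespace, no globbing
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case "$4" in -[!-]*) ;; *) return 1 ;; esac   # no long options such as --remove-source-files
    [ "$5" = . ] || return 1
    case "$6" in ..|../*|*/..|*/../*) return 1 ;; esac   # no path traversal
    case "$6" in "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;; esac
    return 1
}

# Only act as the forced command when invoked with --enforce.
if [ "${1:-}" = "--enforce" ]; then
    if is_allowed_rsync "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; shift
        exec "$RSYNC" "$@"      # run rsync directly; no shell re-parses the request
    fi
    logger -t rsync-pull-only "denied: ${SSH_ORIGINAL_COMMAND:-<interactive login>}"
    echo "access denied" >&2
    exit 1
fi
```

The path check is purely textual: it does not resolve symlinks inside the allowed tree, and the client still chooses the short flags.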