Re: SSH login for normal users using authorized keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 22 Nov 2004, Wade Chandler wrote:

> Mike Burger wrote:
> > On Mon, 22 Nov 2004, Jithesh wrote:
> > 
> > 
> >>Hi all,
> >>
> >>I was able to create successful login for the root account from a remote
> >>client with the help of the public key and the authorized key. But when
> >>I tried to do it for a normal account it still asks for the password.
> >>
> >>Here is what I have done
> >>1. Generated the public key in the client machine.
> >>2. Copied the same into the server's normal user account's
> >>~/.ssh/authorized_keys
> >>3. Changed the permission to read only for the file authorized_keys
> >>
> >>I did the same thing for the root account and it worked but not or other
> >>users.
> > 
> > 
> > This may not directly answer your question, but wouldn't it be a more 
> > prudent move to have the users log into the remote system, and either su 
> > to root, or use sudo to run root level commands?  Using sudo, you can A) 
> > log who ran what and B) not have to give out the root password.
> > 
> I think the question is not how to run commands as root, but how to 
> setup key files for ssh in the .ssh directory so his users can login 
> without having to type anything.  I really don't have the answer right 
> now as I have used documentation everytime I did this.  I have done this 
> for sourceforge accounts before.  Maybe the sourceforge documentation 
> could help you.  Go to www.sourceforge.net and read the section about 
> developer access to a project and setting up ssh access with key files.

That's the thing...it appears, really, that it specifically has to do 
with logging in, remotely, as root, by regular users.  He specifically 
stated that he's done what he needs to do to get the root user to be able 
to ssh directly in using a key...he wants the users to be able to log in 
as root, using keys.

Those users are still going to have to type in whatever commands they need 
to use, so why not save himself the potential security hassles of having 
root login, and use sudo (or su, if necessary)?

It was just a suggestion, on my part...a way to get around it, which, in 
my mind, would provide better security for the process.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

site-update-request@xxxxxxxxxxxxxxxxx

with a message of: 

subscribe

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux