Hostbased auth for root only


 



I would like to get the word on how to best set up my sshd server to allow
root on a single client hostbased authorization to several servers - as
securely as possible.
I have a requirement to have unattended root access to these systems.
I need to have hostbased work for root only. No non-root users should be
able to use hostbased, but Kerberos instead.
I would be using OpenSSH 4.3p2.

Is there anything wrong or poorly configured with what I have below?

As I see it, I would configure the server with the 3 config files ....

/etc/ssh/sshd_config:

# Essential for Hostbased for root -
PermitRootLogin without-password
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts no

# For Kerberos - non-root
KerberosAuthentication yes
GSSAPIAuthentication yes

# Optionally
StrictModes yes
RSAAuthentication no
PubkeyAuthentication no
# I would augment access control with pam_access.
UsePAM yes

--------
/root/.shosts:
<my_trusted client>

--------
/etc/ssh/ssh_known_hosts:
<my_trusted client> <rsa/dsa key>
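
--------
Added example, not part of the original post: with `IgnoreRhosts no`, sshd honours `~/.shosts` and `~/.rhosts` in every home directory, and the system-wide equiv files apply to all accounts except uid 0. The shell function below lists the files that would extend hostbased trust to non-root accounts; the function name and the optional staged-root prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# audit_hostbased [ROOT_PREFIX]
# Prints one line per file that lets a non-root account pass the trust check
# of hostbased authentication. Returns 0 if none are found, 1 otherwise.
# ROOT_PREFIX (hypothetical, for this example) points at a staged copy of the
# filesystem; leave it empty to audit the live system.
audit_hostbased() {
    ah_prefix="${1:-}"
    ah_findings=0

    # System-wide files: sshd consults these for every user except uid 0.
    # The shosts.equiv location depends on how OpenSSH was built.
    for ah_f in /etc/hosts.equiv /etc/shosts.equiv /etc/ssh/shosts.equiv; do
        if [ -s "$ah_prefix$ah_f" ]; then
            echo "SYSTEM $ah_f"
            ah_findings=$((ah_findings + 1))
        fi
    done

    # Per-user files: only root (uid 0) is meant to have one.
    while IFS=: read -r ah_user ah_pw ah_uid ah_gid ah_gecos ah_home ah_shell; do
        case "$ah_uid" in
            ''|*[!0-9]*) continue ;;   # comments, NIS '+' entries, junk
        esac
        [ "$ah_uid" -eq 0 ] && continue
        [ -n "$ah_home" ] || continue
        for ah_f in .shosts .rhosts; do
            if [ -e "$ah_prefix$ah_home/$ah_f" ]; then
                echo "USER $ah_user $ah_home/$ah_f"
                ah_findings=$((ah_findings + 1))
            fi
        done
    done < "$ah_prefix/etc/passwd"

    [ "$ah_findings" -eq 0 ]
}

# Live-system use (run as root so every home directory is readable):
#   audit_hostbased || echo "hostbased trust is not limited to root"
```

The check covers only local accounts listed in /etc/passwd; accounts served from a directory service need their home directories enumerated separately.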


