Re: Hostbased auth for root only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- On Wed, 9/10/08, Wayne Sweatt <sweatt@xxxxxxxx> wrote:

> I would like to get the word on how to best set up my sshd
> server to allow
> root on a single client hostbased authorization to several
> servers - as
> securely as possible.
> I have a requirement to have unattended root access to
> these systems.
> I need to have hostbased work for root only. No non-root
> users should be
> able to use hostbased, but kerberos instead.

Can you force key authentication on the server?  That always helps.

Either way, you could use authorized_keys in the root account of the ssh server to include keys from the clients needing access.  If that's not tight enough, you could prepend a 'permitonly' line in the root servers' authorized_keys file entry for each key.  ie:

from="10.5.4.3" ssh-dss qKAF7fFNeOJcdA+vWa..etc..key...
from="10.5.4.88" ssh-dss hFTn2NlbU4bgP...etc...key...




      

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux