--- On Wed, 9/10/08, Wayne Sweatt <sweatt@xxxxxxxx> wrote: > I would like to get the word on how to best set up my sshd > server to allow > root on a single client hostbased authorization to several > servers - as > securely as possible. > I have a requirement to have unattended root access to > these systems. > I need to have hostbased work for root only. No non-root > users should be > able to use hostbased, but kerberos instead. Can you force key authentication on the server? That always helps. Either way, you could use authorized_keys in the root account of the ssh server to include keys from the clients needing access. If that's not tight enough, you could prepend a 'permitonly' line in the root servers' authorized_keys file entry for each key. ie: from="10.5.4.3" ssh-dss qKAF7fFNeOJcdA+vWa..etc..key... from="10.5.4.88" ssh-dss hFTn2NlbU4bgP...etc...key...