Hello everyone,
I just joined gentoo-server mailing list yesterday. I've been semi-active in
Gentoo forums since 2003, though, so some of you might recognize me from
there.
On Friday 13 October 2006 01:06, Christian Spoo wrote:
> Ricardo Loureiro wrote:
> > That works well, until the users ty
Ricardo Loureiro wrote:
> That works well, until the users type sudo bash like I saw many ppl doing...
Then you can restrict the commands your guys are allowed to execute.
It's very easily handled in the sudoers file.
In typical LAMP installations you could configure, separate DB admin,
WWW adm
Hi,
That works well, until the users type sudo bash like I saw many ppl doing...
Ricardo Loureiro
On Thursday 12 October 2006 17:17, Longman, Bill wrote:
> One point you may want to take into account is the audit trail you get from
> sudo. I think it's far better to see who actually logged in an
One point you may want to take into account is the audit trail you get from
sudo. I think it's far better to see who actually logged in and then what
they did. I turn off ssh root login on all my machines, period. My admins
must log in as themselves and then sudo when they need to. I can then see
l
Peter Abrahamsen wrote:
> On 10/12/06, Kalin KOZHUHAROV <[EMAIL PROTECTED]> wrote:
>> How do you permit key-only for non-root users??
>
> PasswordAuthentication no
> ChallengeResponseAuthentication no
>
> it's in the inline docs in sshd_config.
>
Oookey! Now I saw it.
I was trying a few times t
[EMAIL PROTECTED] wrote:
On Thu, 12 Oct 2006 at 15:02, Eduardo Tongson wrote:
Ssh'ing to root with key-only plus a good passphrase is best.
Avoid ugly workarounds and unnecessary complexity like port
knocking and sudo.
ssh in as root, this is not the 90's anymore.
It may not be the 90s, but I
Hi,
Don't forget two important advantages of logging in as yourself:
1) You don't always want to be root. Many tasks can be performed as a
normal user. You won't screw up your server so easily as a normal user.
Maybe you will even have different users for different tasks (useful if
you're not the
On Thu, 12 Oct 2006 at 15:02, Eduardo Tongson wrote:
Ssh'ing to root with key-only plus a good passphrase is best.
Avoid ugly workarounds and unnecessary complexity like port
knocking and sudo.
ssh in as root, this is not the 90's anymore.
It may not be the 90s, but I can't count the number of
On Thursday 12 October 2006 09:44, Kalin KOZHUHAROV wrote:
> Francisco Olarte Sanz wrote:
> > On Thursday 12 October 2006 04:01, Peter Abrahamsen wrote:
> >> Which is a better idea, allowing key-only root access, or ssh'ing in
> >> as myself and running su/sudo/whatever? Either way, I'll set up
> >
On Wed, 11 Oct 2006 at 19:53, Dice R. Random wrote:
The danger with key-only auth, IMO, is that if your workstation is
compromised, even just the user account, an attacker can copy your
private key and gain root access to the server. Of course your user
Only if they also break the encryption o
Thanks to you all for your advice. I value simplicity, and it seems
like having fewer suid binaries is a good thing.
I'm also trying to wrap my brain around pax and grsecurity. It's
exciting to see what you can do.
Cheers,
Peter
--
gentoo-server@gentoo.org mailing list
PasswordAuthentication no
ChallengeResponseAuthentication no
it's in the inline docs in sshd_config.
P
On 10/12/06, Kalin KOZHUHAROV <[EMAIL PROTECTED]> wrote:
Francisco Olarte Sanz wrote:
> On Thursday 12 October 2006 04:01, Peter Abrahamsen wrote:
>
>> Which is a better idea, allowing key-on
Francisco Olarte Sanz wrote:
> On Thursday 12 October 2006 04:01, Peter Abrahamsen wrote:
>
>> Which is a better idea, allowing key-only root access, or ssh'ing in
>> as myself and running su/sudo/whatever? Either way, I'll set up
>> iptables so that connection attempts from anywhere other than my
Eduardo Tongson wrote:
> On 10/12/06, Peter Abrahamsen <[EMAIL PROTECTED]> wrote:
>> Hi list,
>>
>> I'm looking for some opinions for a security decision. I need to
>> enable remote administrative access to critical systems living about
>> 3-4 hours from me and in another country. The systems will
On Thursday 12 October 2006 04:01, Peter Abrahamsen wrote:
> Which is a better idea, allowing key-only root access, or ssh'ing in
> as myself and running su/sudo/whatever? Either way, I'll set up
> iptables so that connection attempts from anywhere other than my
> office are -j DROP'ed.
W
On 10/12/06, Peter Abrahamsen <[EMAIL PROTECTED]> wrote:
Hi list,
I'm looking for some opinions for a security decision. I need to
enable remote administrative access to critical systems living about
3-4 hours from me and in another country. The systems will be running
LAMP, more or less.
Which