Re: shared root account
> On Fri, Jul 06, 2001 at 12:15:43PM +0300, Juha Jäykkä wrote:
>
> > I have a bit of a situation: I have a handful of linux machines
> > (almost all with different distributions and kernels and software -
> > one hell to keep secure) and all the machines have different roots.
> > These guys want to keep their root passwords (or at least the root
> > privileges) so they can update their X/KDE/whatever when/if they feel
> > like it but on the other hand, they would like to see someone (me)
> > keep their machines secure - something they themselves do not have
> > time (we all know keeping up security is a fulltime job). Obviously to
> > install patches etc I, also, need root privileges.
> > This poses a problem if I am not to remember all those different
> > root passwords and without making all the passwords the same! How can
> > that _safely_ be accomplished? There are versions of su, sudo etc) that
Use SSH and its RSA authentications (preferably with ssh-agent). With
OpenSSH You can change /etc/ssh/sshd_config to read:
PermitRootLogin without-password
(quoting from memory)
and put Your RSA public key in ~root/.ssh/authorized_keys
This solution works flawlesly in my company (several machines spread all
over the country with different people doing day-to-day management)
--
Robert Ramiega | jedi@plukwa.net IRC: _Jedi_ | Do not underestimate
UIN: 13201047 | http://www.plukwa.net/ | the power of Source
Reply to: