Security Practices question
William Waites
ww at styx.org
Thu Oct 3 18:21:57 UTC 2002
>>> "Scott" == Scott Francis <darkuncle at darkuncle.net> writes:
Scott> You don't _have_ logins directly to 4000 machines. You have
Scott> a central admin host (or five) with user-level
Scott> accounts. Those user-level accounts can 'sudo ssh <target>'
Scott> to accomplish things as root on the remote boxes.
umm... i think you have it backwards. better would be: the admins have
logins on the remote machines, with no local password and rsa keys
disabled. the remote machines trust the admin machines and do host
based authentication. most admins may or may not have root on the
admin machine. admins have normal user accounts on the admin box.
sudo is set up on the remote ones. admin then does 'ssh foobar sudo
blah' to accomplish something as root on the remote boxes without
logging in directly as root. ever.
(for a remote root shell, 'ssh -t foobar sudo su -' or similar)
the main difference is it leaves an audit trail of who is doing what
where as root -- with 4000 machines, you are doing remote logging, no?
Scott> All of which can be handled with sudo, without giving away
Scott> the keys to the castle.
>> Sorry to ruffle your dogma.
Scott> Not dogma, just best practice.
since when does best practice entail logging in directly as root over
the network?
--
William Waites <ww at styx.org>
Idiosyntactix Research Laboratories
http://www.irl.styx.org
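
Added example (not part of the original message): a shell check of a remote box's sshd_config against the model described in the message above, that is, no direct root login, no passwords, no user keys, host-based authentication on. The keyword names and defaults are assumed to be those of current OpenSSH, the two sample files are constructed, and only the global section before any Match block is read.

```shell
#!/bin/sh
# Added example, not from the original message.
# effective_value FILE KEYWORD DEFAULT: the first occurrence of a keyword wins
# in sshd_config and keywords are case-insensitive; global section only.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                       # accept "Keyword=value"
        tolower($1) == "match" { exit }         # stop at first Match block
        tolower($1) == key && !seen { val = tolower($2); seen = 1 }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: returns 0 only if FILE matches the model in the message.
# Table columns: keyword, assumed OpenSSH default, value the model wants.
audit_sshd() {
    cfg=$1; rc=0
    while read -r key def want; do
        got=$(effective_value "$cfg" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '$got', model wants '$want'"; rc=1
        fi
    done <<EOF
PermitRootLogin prohibit-password no
PasswordAuthentication yes no
PubkeyAuthentication yes no
HostbasedAuthentication no yes
EOF
    return $rc
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/remote_ok" <<'EOF'
# constructed sample: remote box following the model
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication no
HostbasedAuthentication yes
EOF
cat > "$tmp/remote_bad" <<'EOF'
# constructed sample: an early "yes" shadows the later "no"
permitrootlogin yes
PasswordAuthentication=no
HostbasedAuthentication yes
PermitRootLogin no
EOF
audit_sshd "$tmp/remote_ok"
audit_sshd "$tmp/remote_bad" || echo "remote_bad does not match the model"
```

On a live host, `sshd -T` prints the effective configuration, including anything this text-level check cannot see.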