Re: kickstarts, installs and root ssh keys
On Tue, 10 Apr 2012 23:38:30 +0200
Jan-Frode Myklebust <janfrode@xxxxxxxxx> wrote:

> On Tue, Apr 10, 2012 at 05:11:14PM -0400, seth vidal wrote:
> >
> > 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> > our systems. This would be an ssh key only on lockbox and owned by
> > root
>
> I'm no fan of passphrase-less ssh-keys.. as they turn
> read-random-file vulnerabilities into full root exploits.
>
> Wouldn't it be better to have root's authorized_keys file contain the
> pubkeys of each individual admin that should be allowed to ssh from
> lockbox01 (prefixed with from=lockbox01 of course) ? Or is this too
> much hassle to maintain?
>

I'm not sure how having and managing N-keys is better than having and
managing 1-Key. Either way you have to manage/maintain the key(s). And
instead of having 1 key you have to protect from theft/compromise you
have N-keys to protect from theft/compromise.

-sv

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
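
Whichever way the 1-key versus N-keys question is settled, the from= restriction discussed in this thread is something that can be checked mechanically. The following is an added example, not part of the original message or of Fedora Infrastructure's tooling: a small audit of a root authorized_keys file that reports entries not pinned to lockbox01. The sample file, key blobs and admin names are constructed placeholders.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")  # options never start like this
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def split_options(line):
    """Return (options, rest); options end at the first unquoted whitespace."""
    if KEY_TYPE.match(line):
        return "", line
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 1                      # skip the escaped character
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def audit(text, allowed_host="lockbox01"):
    """List (line_no, comment, problem) for keys not pinned to allowed_host."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        options = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(opts)}
        fields = rest.split()
        comment = fields[2] if len(fields) > 2 else "(no comment)"
        src = options.get("from")
        if src is None:
            findings.append((n, comment, "no from= restriction"))
        elif any(p != allowed_host for p in src.split(",")):
            findings.append((n, comment, "from= allows more than " + allowed_host))
    return findings

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = """\
# root authorized_keys
from="lockbox01" ssh-ed25519 AAAAPLACEHOLDER1 admin1
from="lockbox01",no-agent-forwarding ssh-rsa AAAAPLACEHOLDER2 admin2
ssh-ed25519 AAAAPLACEHOLDER3 admin3
from="lockbox01,*.example.org" ssh-ed25519 AAAAPLACEHOLDER4 admin4
command="echo a, b",no-pty ssh-rsa AAAAPLACEHOLDER5 admin5
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

When sshd runs with UseDNS set to no, from= is matched against client addresses only, so pass lockbox01's IP address as allowed_host in that case.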