kickstarts, installs and root ssh keys

Jan-Frode Myklebust janfrode at tanso.net
Tue Apr 10 21:38:30 UTC 2012


On Tue, Apr 10, 2012 at 05:11:14PM -0400, seth vidal wrote:
> 
> 1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
> our systems. This would be an ssh key only on lockbox and owned by root

I'm no fan of passphrase-less ssh-keys... as they turn read-random-file
vulnerabilities into full root exploits.

Wouldn't it be better to have root's authorized_keys file contain the
pubkeys of each individual admin that should be allowed to ssh from
lockbox01 (prefixed with from=lockbox01 of course)? Or is this too much
hassle to maintain?


   -jf
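
The per-admin layout suggested in the message above can be checked mechanically. The following is an added example, not part of the original post: a Python audit that flags entries in root's authorized_keys lacking a from= option or allowing sources other than lockbox01. The sample file, key blobs, comments and function names are constructed for illustration.

```python
import re

# Key-type prefixes that mark a line with no leading options field.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

# Constructed sample of root's authorized_keys; key blobs are placeholders.
SAMPLE = """\
# admins allowed to ssh in as root
from="lockbox01" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEALICE alice@example
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEBOB bob@example
from="lockbox01,*.example.org",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLECAROL carol@example
"""

def split_options(line):
    """Split the options field from the key; spaces inside quotes do not end it."""
    in_quote = False
    for i, c in enumerate(line):
        if c == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            return line[:i], line[i:].strip()
    return line, ""

def parse_options(field):
    """Return {option: value or None} from a comma-separated options field."""
    pattern = r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)'
    return {m.group(1).lower(): m.group(2) for m in re.finditer(pattern, field)}

def audit(text, allowed=("lockbox01",)):
    """List (line number, key comment, problem) for keys not pinned to `allowed`."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(KEY_TYPES):
            opts, rest = {}, line
        else:
            field, rest = split_options(line)
            opts = parse_options(field)
        parts = rest.split(None, 2)
        who = parts[2] if len(parts) > 2 else "(no comment)"
        if opts.get("from") is None:
            findings.append((n, who, "no from= restriction"))
            continue
        extra = [p for p in opts["from"].split(",") if p not in allowed]
        if extra:
            findings.append((n, who, "from= allows " + ",".join(extra)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any from= pattern that is not exactly an allowed name is reported, so wildcards and negated patterns are flagged for manual review rather than interpreted.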

