1 |
rdmurray@××××××××.com wrote: |
2 |
> On Thu, 12 Oct 2006 at 15:02, Eduardo Tongson wrote: |
3 |
>> Ssh'ing to root with key-only plus a good passphrase is best. |
4 |
>> Avoid ugly workarounds and unnecessary complexity like port |
5 |
>> knocking and sudo. |
6 |
>> |
7 |
>> ssh in as root, this is not the 90's anymore. |
8 |
> |
9 |
> It may not be the 90s, but I can't count the number of times sudo has |
10 |
> saved me from disaster. I have different passwords on all my boxes (I |
11 |
> admin or work on 20+ machines), and I have far too often found myself |
12 |
> wondering why my password isn't working when I'm trying to do an 'sudo |
13 |
> reboot' (or, worse, shutdown) or some other dangerous command, only to |
14 |
> figure out that I'm typing the command in the wrong window....and that's |
15 |
> despite having the machine name in my zsh prompt. |
16 |
> |
17 |
> --David |
18 |
|
19 |
Yeah, maybe I should start working like that. |
20 |
|
21 |
I'm in the midst of moving my web/email multi-vhost server to a new |
22 |
machine. The other day I tarred up the whole vpopmail domains directory |
23 |
and transferred it to the new machine. The following day I was |
24 |
struggling with figuring out why some mail settings weren't working and |
25 |
decided to just delete the domains directory I had copied to the new |
26 |
machine.... except I wasn't on the new machine... had ssh'ed over to my |
27 |
live box to check something! It took me about 30 seconds to realize what |
28 |
I'd done and then I danced around the apartment proclaiming my stupidity |
29 |
to the heavens. :-O |
30 |
|
31 |
So, sudo with different passwords might have saved me some pain (I say |
32 |
"might" because you can still do some damage in the wrong window while |
33 |
sudo has the password.) |
34 |
|
35 |
b |
36 |
-- |
37 |
gentoo-server@g.o mailing list |