| 1 |
rdmurray@××××××××.com wrote: |
| 2 |
> On Thu, 12 Oct 2006 at 15:02, Eduardo Tongson wrote: |
| 3 |
>> Ssh'ing to root with key-only plus a good passphrase is best. |
| 4 |
>> Avoid ugly workarounds and unnecessary complexity like port |
| 5 |
>> knocking and sudo. |
| 6 |
>> |
| 7 |
>> ssh in as root, this is not the 90's anymore. |
| 8 |
> |
| 9 |
> It may not be the 90s, but I can't count the number of times sudo has |
| 10 |
> saved me from disaster. I have different passwords on all my boxes (I |
| 11 |
> admin or work on 20+ machines), and I have far too often found myself |
| 12 |
> wondering why my password isn't working when I'm trying to do an 'sudo |
| 13 |
> reboot' (or, worse, shutdown) or some other dangerous command, only to |
| 14 |
> figure out that I'm typing the command in the wrong window....and that's |
| 15 |
> despite having the machine name in my zsh prompt. |
| 16 |
> |
| 17 |
> --David |
| 18 |
|
| 19 |
Yeah, maybe I should start working like that. |
| 20 |
|
| 21 |
I'm in the midst of moving my web/email multi-vhost server to a new |
| 22 |
machine. The other day I tarred up the whole vpopmail domains directory |
| 23 |
and transferred it to the new machine. The following day I was |
| 24 |
struggling with figuring out why some mail settings weren't working and |
| 25 |
decided to just delete the domains directory I had copied to the new |
| 26 |
machine.... except I wasn't on the new machine... had ssh'ed over to my |
| 27 |
live box to check something! It took me about 30 seconds to realize what |
| 28 |
I'd done and then I danced around the apartment proclaiming my stupidity |
| 29 |
to the heavens. :-O |
| 30 |
|
| 31 |
So, sudo with different passwords might have saved me some pain (I say |
| 32 |
"might" because you can still do some damage in the wrong window while |
| 33 |
sudo has the password.) |
| 34 |
|
| 35 |
b |
| 36 |
-- |
| 37 |
gentoo-server@g.o mailing list |
Archives