On Thu, 14 Jul 2022 11:54:46 +0200, J. Roeleveld wrote:

> For security reasons, I do not want direct login to root under any
> circumstances. This is disabled on all systems and will stay this way.
>
> Currently, to login as root, you need to know:
> - admin user account name
> - admin user account password
> - root user account password
>
> I do not want to reduce this to a single ssh-key-passphrase.

Is this user only used as a gateway to root access, or can you set up such
a user? If so you could use key-based authentication for that user, with
a passphrase, and add command="/bin/su --login" to the authorized_keys
line. That way you still need three pieces of information, replacing the
user's password with the user's key passphrase.


--
Neil Bothwick

30 minutes of begging is not considered foreplay.
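
An added example, not part of the original message: a Python check that every key in the gateway user's authorized_keys carries the forced command suggested above, so that no key hands out a normal shell and skips the root password. The sample file and key strings are constructed, and the port-forwarding check is an extra assumption taken from sshd(8), which notes that a forced command on its own does not prohibit forwarding.

```python
import re

REQUIRED_COMMAND = "/bin/su --login"          # forced command from the message
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

# Constructed sample; the key strings are placeholders, not real keys.
SAMPLE = """\
# gateway user's authorized_keys
restrict,pty,command="/bin/su --login" ssh-ed25519 AAAAEXAMPLEKEY1 admin@laptop
command="/bin/su --login" ssh-ed25519 AAAAEXAMPLEKEY2 admin@desktop
ssh-ed25519 AAAAEXAMPLEKEY3 admin@old
command="/bin/bash",no-port-forwarding ssh-rsa AAAAEXAMPLEKEY4 admin@test
"""

def split_options(line):
    """Return the comma-separated options field of one entry, quotes removed."""
    if KEY_TYPE.match(line):
        return []                              # entry starts with the key type
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        if quoted and line[i:i + 2] == '\\"':  # escaped quote inside a value
            cur += '"'
            i += 2
            continue
        ch = line[i]
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break                              # options end at unquoted space
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit(text):
    """Return (line_number, problem) for each entry that weakens the scheme."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = split_options(line)
        forced = [o.split("=", 1)[1] for o in opts if o.lower().startswith("command=")]
        if not forced:
            findings.append((n, "no forced command: key gives a normal shell"))
        elif any(c != REQUIRED_COMMAND for c in forced):
            findings.append((n, "forced command is not " + REQUIRED_COMMAND))
        if not {"restrict", "no-port-forwarding"} & {o.lower() for o in opts}:
            findings.append((n, "port forwarding not disabled"))
    return findings
```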