On Thu, 14 Jul 2022 at 11:48, Neil Bothwick <neil@××××××××××.uk> wrote:

> On Thu, 14 Jul 2022 11:54:46 +0200, J. Roeleveld wrote:
>
> > For security reasons, I do not want direct login to root under any
> > circumstances. This is disabled on all systems and will stay this way.
> >
> > Currently, to login as root, you need to know:
> > - admin user account name
> > - admin user account password
> > - root user account password
> >
> > I do not want to reduce this to a single ssh-key-passphrase.
>
> Is this user only used as a gateway to root access, or can you set up such
> a user? If so you could use key-based authentication for that user, with
> a passphrase, and add command="/bin/su --login" to the authorized_keys
> line. That way you still need three pieces of information, replacing the
> user's password with the user's key passphrase.
>
>
> --
> Neil Bothwick
>
> 30 minutes of begging is not considered foreplay.
>

Or you might consider creating an ssh key pair for the remote root and log in
directly to root with no password, only using the ssh keys.

>
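
The forced-command setup suggested in the quoted reply can be checked mechanically. The following is an added example, not part of the thread: it parses the options field of each `authorized_keys` line for the gateway user and reports keys that lack `command="/bin/su --login"`. The function names, the forwarding policy and the sample keys are assumptions constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")  # line starts with a key type: no options
FORWARDING = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def split_options(line):
    """Split one authorized_keys line into ({option: value}, rest of line)."""
    if KEY_TYPE.match(line):
        return {}, line
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2   # escaped quote inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(buf)
            buf = ""
        elif ch in " \t" and not quoted:
            break                        # unquoted whitespace ends the options field
        else:
            buf += ch
        i += 1
    opts.append(buf)
    parsed = {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}
    return parsed, line[i:].strip()

def audit(text, expected="/bin/su --login"):
    """Return (line_number, finding) for keys that miss the assumed policy."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((n, "no forced command: key gets a normal shell"))
        elif cmd != expected:
            findings.append((n, f"unexpected forced command: {cmd!r}"))
        if "restrict" in opts:
            if "pty" not in opts:
                findings.append((n, "restrict without pty: no terminal for su"))
        elif any(o not in opts for o in FORWARDING):
            findings.append((n, "forwarding not disabled"))
    return findings

SAMPLE = """# constructed sample, not real keys
restrict,pty,command="/bin/su --login" ssh-ed25519 AAAAExampleOne admin@laptop
ssh-ed25519 AAAAExampleTwo admin@old-laptop
command="/bin/su --login",no-port-forwarding ssh-rsa AAAAExampleThree admin@desk
"""
```

Running `audit(SAMPLE)` flags line 3 (no forced command, forwarding allowed) and line 4 (forced command present but forwarding only partly disabled).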