Restricting root to specific network while leaving other accounts unaffected
William Muriithi
william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Jul 14 21:09:41 UTC 2013
>> SSH keys don't work well here. I would have to put the keys all over and
that's even more insecure.
>
>
> Why is that insecure? Only the public key goes on the remote computer.
The private key can be on your own account on the computer you connect
from.
>
But as I described above, we do not connect from one system. When
deploying on UAT, I would have to put the QA private keys on all UAT. When
deploying on production, I would have to put all UAT private keys on
production.
When you have keys in all those systems, I would say security wise, you
are worse off. Keys work well if you always originate from one system that
you trust. Password that age are far better in that setup.
William
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20130714/a915d6f7/attachment.html>
More information about the Legacy
mailing list