Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Giving up on Fedora 9



 Yes, the line I put in authorized_keys includes 
"from=backup-server.example.com" 
and "command=/usr/bin/rsync", or settings to that effect. 



On Wed, Jul 16, 2008 at 3:09 PM, Dan Ritter <[hidden email]> wrote: 
> On Wed, Jul 16, 2008 at 03:02:02PM -0400, John Abreau wrote: 
>> On Wed, Jul 16, 2008 at 2:06 PM, Bill Bogstad <[hidden email]> wrote: 
>> 
>> > It's trivially easy to turn root login back on.  Just give root a 
>> > password (and enable root login in your sshd config file) and 
>> > you should be golden.  I generally use sudo if I'm already on the 
>> > machine in question, but if I'm accessing a *buntu machine remotely 
>> > I tend to ssh directly to root. 
>> 
>> My preference is to set AllowUsers in sshd_config so only the specified 
>> users can login via ssh. I restrict root logins to specific origins, e.g. 
>> 
>>     AllowUsers [...]  [hidden email] 
>> 
>> to allow root logins from the rsync backup server. I also disallow 
>> password authentication and instead drop an ssh public key into 
>> /root/.ssh/authorized_keys 
> 
> Remember that you can (and should!) further limit what can be 
> done with that public key with restrictions in authorized_keys: 
> 
> man sshd, section AUTHORIZED_KEYS FILE FORMAT. 
> 
> -dsr- 
> 
> 
> -- 
> http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference. 
> 
> When freedom gets lots of exercise, it protects itself. 
> 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org