Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] ssh keys question



On Thu, Jun 16, 2016 at 08:21:28PM -0400, Kent Borg wrote:
> On 06/16/2016 06:37 PM, Dan Ritter wrote:
> >1. You can assign passwords, but tell sshd to only allow access via keys.
> >This is a Good Idea.
> 
> So for you--someone running your own machine--you use keys to login but
> still use a password on sudo? (This is common? Seems part of going to keys
> is to get rid of passwords.)

No, going to SSH keys gets rid of passwords available to access
your machine from the outside. You still need to differentiate
someone who has superuser rights from someone who has just sat
down at the console.

At home I have four computer users, including myself, not
including guests. Sudo requires a password.

> But if you do not require a password on sudo it means that any program you
> run runs with root privileges if it just bothers to ask for it. Kinda the
> opposite of dropping privileges.

No, just the ones that you have set up that way:

KIDS GENERAL= NOPASSWD: /usr/sbin/shutdown

allows the members of the group KIDS on machines in class GENERAL to run
"sudo shutdown" without entering a password, thus making it more likely
that they will do that.

It doesn't give them sudo privs on any other command. (You need
to make sure that the command you specify does not have, e.g., a
shell mode. emacs would be a really bad choice.)

-dsr-
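
The caveat in the message above can be checked mechanically. This is an added example, not part of the original message: it scans sudoers text for NOPASSWD rules and flags commands that can start a shell, as well as NOPASSWD: ALL. Apart from the shutdown rule quoted in the message, the sample rules, the SHELL_CAPABLE list and the function name are assumptions, and the parser handles single-line rules only.

```python
import os
import re

# Constructed sample; only the shutdown rule comes from the message above.
SAMPLE_SUDOERS = """\
User_Alias KIDS = alice, bob
Host_Alias GENERAL = den, kitchen
KIDS GENERAL= NOPASSWD: /usr/sbin/shutdown
KIDS GENERAL= NOPASSWD: /usr/bin/emacs
%wheel ALL=(ALL) ALL
carol ALL=(root) NOPASSWD: /usr/bin/less /var/log/syslog, /usr/sbin/reboot
dave ALL= NOPASSWD: ALL
"""

# Assumption: a short, non-exhaustive list of programs that can start a
# shell or run other commands from inside themselves.
SHELL_CAPABLE = {"emacs", "vi", "vim", "less", "more", "man", "find",
                 "awk", "bash", "sh", "python", "perl"}

# user-or-alias, host list, "=", then the rest of the rule
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*(?P<rest>.+)$")

def audit_nopasswd(text):
    """Return (who, command, reason) for each risky NOPASSWD command."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"\w+_Alias\b|Defaults\b", line):
            continue
        m = RULE.match(line)
        if not m or "NOPASSWD:" not in m.group("rest"):
            continue
        # Simplification: NOPASSWD is taken to cover the rest of the line.
        cmds = m.group("rest").split("NOPASSWD:", 1)[1]
        for cmd in (c.strip() for c in cmds.split(",")):
            if not cmd:
                continue
            binary = cmd.split()[0]
            if binary == "ALL":
                findings.append((m.group("who"), cmd, "every command, no password"))
            elif os.path.basename(binary) in SHELL_CAPABLE:
                findings.append((m.group("who"), cmd, "can start a shell"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit_nopasswd(SAMPLE_SUDOERS):
        print(f"{who}: {cmd} ({reason})")
```
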



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org