BLU Discuss list archive
[Discuss] ssh keys question
- Subject: [Discuss] ssh keys question
- From: dsr at randomstring.org (Dan Ritter)
- Date: Fri, 17 Jun 2016 06:27:53 -0400
- In-reply-to: <57634288.6090704@borg.org>
- References: <57631030.9070803@borg.org> <20160616223755.GO9041@randomstring.org> <57634288.6090704@borg.org>
On Thu, Jun 16, 2016 at 08:21:28PM -0400, Kent Borg wrote:
> On 06/16/2016 06:37 PM, Dan Ritter wrote:
> >1. You can assign passwords, but tell sshd to only allow access via keys.
> >This is a Good Idea.
>
> So for you--someone running your own machine--you use keys to login but
> still use a password on sudo? (This is common? Seems part of going to keys
> is to get rid of passwords.)

No, going to SSH keys gets rid of passwords available to access
your machine from the outside. You still need to differentiate
someone who has superuser rights from someone who has just sat
down at the console.

At home I have four computer users, including myself, not
including guests. Sudo requires a password.

> But if you do not require a password on sudo it means that any program you
> run runs with root privileges if it just bothers to ask for it. Kinda the
> opposite of dropping privileges.

No, just the ones that you have set up that way:

KIDS GENERAL= NOPASSWD: /usr/sbin/shutdown

allows the members of the group KIDS on machines in class
GENERAL to run "sudo shutdown" without entering a password, thus
making it more likely that they will do that. It doesn't give
them sudo privs on any other command.

(You need to make sure that the command you specify does not
have, e.g., a shell mode. emacs would be a really bad choice.)

-dsr-
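An added example, not part of the original post: a small audit that lists the commands a sudoers file grants with NOPASSWD and flags the ones the post warns about, i.e. programs with a shell mode. The `SHELL_CAPABLE` list, the function names and the sample sudoers text are assumptions constructed for illustration; the parser is deliberately simplified (no aliases expanded, no line continuations).

```python
import re

# Assumption: a short illustrative list of programs that can start a shell
# from inside; emacs is the one named in the post.
SHELL_CAPABLE = {"emacs", "vi", "vim", "less", "more", "man"}

RULE = re.compile(r"^(?P<who>\S+)\s+[^=]+?\s*=\s*(?P<spec>.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")
SKIP = re.compile(r"^(#|Defaults|(User|Host|Cmnd|Runas)_Alias\b)")

def nopasswd_commands(sudoers_text):
    """Yield (who, command) for each command granted with NOPASSWD."""
    for line in map(str.strip, sudoers_text.splitlines()):
        m = None if (not line or SKIP.match(line)) else RULE.match(line)
        if not m:
            continue
        nopasswd = False  # a tag applies to later commands until overridden
        for item in m.group("spec").split(","):
            item = re.sub(r"^\([^)]*\)\s*", "", item.strip())  # drop "(root)"
            while (t := TAG.match(item)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if nopasswd and item:
                yield m.group("who"), item

def audit(sudoers_text):
    """Return (who, command, reason) for risky passwordless grants."""
    findings = []
    for who, cmd in nopasswd_commands(sudoers_text):
        binary = cmd.split()[0]
        if binary == "ALL":
            findings.append((who, cmd, "unrestricted"))
        elif binary.rsplit("/", 1)[-1] in SHELL_CAPABLE:
            findings.append((who, cmd, "shell-capable"))
    return findings

# Constructed sample; the first rule is the one from the post.
SAMPLE = """\
KIDS GENERAL= NOPASSWD: /usr/sbin/shutdown
KIDS GENERAL= NOPASSWD: /usr/bin/emacs
alice ALL=(root) NOPASSWD: /usr/bin/less /var/log/syslog, PASSWD: /usr/bin/vim
bob ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for who, cmd, reason in audit(SAMPLE):
        print(f"{who}: {cmd} -> {reason}")
```

The shutdown rule from the post passes cleanly, and the vim entry is not flagged because its PASSWD tag means sudo still asks for a password.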