BLU Discuss list archive
[Discuss] PSA: no root login for SSH
- Subject: [Discuss] PSA: no root login for SSH
- From: dbarrett at blazemonger.com (Daniel Barrett)
- Date: Thu, 24 Dec 2020 12:18:44 -0500
- References: <CAD9BPTo+2nX+Ty_6DCve7jshE5E+6FjBSeNeFr_NkyuJEGkYiQ@mail.gmail.com>
On December 24, 2020, Michael Tiernan wrote:
>I've got one [user] that every 30secs launches a script that logs in,
>checks a dir for files then closes. Using his unprotected key.

Do you mean an SSH key with an empty passphrase? Actually, this can be
done fairly securely and is particularly good for scripting. Create a
distinct key pair, with empty passphrase, and on the server side, set
up authorized_keys to use a forced command (man sshd), e.g.,
'command="/bin/ls myfile"'. Even if the private key is stolen, all the
attacker can do is run "/bin/ls myfile" on the remote system, not a
login shell.

I'm not saying that Michael's user is doing it this way. :-) But it's
a reasonable technique.

--
Dan Barrett
dbarrett at blazemonger.com
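
The forced-command setup described in the message above, as an added example that is not part of the original post: a small Python audit of authorized_keys entries that reports which keys lack a `command="..."` option and which still permit forwarding or a pty. Per sshd(8), a forced command alone does not turn off TCP or X11 forwarding, which the `restrict` option does; the sample entries, key blobs and key comments are constructed placeholders.

```python
import re

# One option: name, optionally ="value" where \" escapes a quote inside the value.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
# Option names are case-insensitive; they are compared in lower case here.
HARDENING = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")

def split_entry(line):
    """Split an authorized_keys line into (options_field, key_fields)."""
    if line.startswith(KEY_PREFIXES):
        return "", line.split()
    in_quote, i = False, 0
    while i < len(line):
        if in_quote and line.startswith('\\"', i):
            i += 2          # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quote = not in_quote
        elif line[i].isspace() and not in_quote:
            break           # first unquoted whitespace ends the options field
        i += 1
    return line[:i], line[i:].split()

def audit(text):
    """Return one finding dict per key in authorized_keys text."""
    report = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts_field, key = split_entry(line)
        opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(opts_field)}
        issues = []
        if "command" not in opts:
            issues.append("no forced command: key can request any command or a shell")
        missing = [o for o in HARDENING if o not in opts]
        if "restrict" not in opts and missing:
            issues.append("not disabled: " + ", ".join(missing))
        label = key[2] if len(key) > 2 else (key[0] if key else "?")
        report.append({"key": label, "command": opts.get("command"), "issues": issues})
    return report

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''
# interactive key, no options
ssh-ed25519 AAAAPLACEHOLDER1 alice@laptop
command="/bin/ls myfile" ssh-ed25519 AAAAPLACEHOLDER2 poller-forced-only
restrict,command="/bin/ls myfile" ssh-ed25519 AAAAPLACEHOLDER3 poller-restricted
'''

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry["key"], "->", entry["issues"] or "ok")
```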