ssh - NO SALE or NO GIVE ?

[Pekka Savola]

On Sun, 20 May 2001 mouring at etoh.eviladmin.org wrote:
[snip a lot]
> I still don't get where "PermitRootLogin no" fails.. Give each admin a
> normal user account and the correct group privs for 'su'.  Like every
> other UNIX in the world.  I don't see how 'multiple private keys to an
> account where passwords are not accepted' is any more secure nor
> managable.

This is getting a bit off-topic, but as this was raised here we go...

This is an attempt to solve solve the account management problem.
For example, consider a company with 50 servers which are managed by 5-10
admins.  When the admins switch jobs, you always have to make sure their
accounts are deleted, new ones added etc.  Also, it's a pain for the
admins to set up passwords for each, and change them in each, etc.

Real pain.  Some custom password/user management tools make this a bit
easier, but not much.  If there are good, reliable systems for this, I
sure would like to know of them.

There are obvious advantages not having to know (unless something dire
happens) the root password yet being able to do work as root in
multi-admin circumstances.

How SSH makes this easier is that you only have to sync the
authorized_keys2 database to root account's .ssh/ every time new admin
comes in/leaves the house.  This can even be automatized rather easily.  A
more modular hack would be using authorized_keys2 _directory_, and the
keys in there would all be counted as authorized.  Thus only one file
copy/removal would do the job, no need for sync; this would be profitable
in environments where all admins don't have access to all systems.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords