ssh - NO SALE or NO GIVE ?

Pekka Savola pekkas at netcore.fi
Mon May 21 23:51:22 EST 2001


On Mon, 21 May 2001, Markus Friedl wrote:
> On Sun, May 20, 2001 at 01:54:08PM +0300, Pekka Savola wrote:
> > How SSH makes this easier is that you only have to sync the
> > authorized_keys2 database to root account's .ssh/ every time new admin
> > comes in/leaves the house
>
> how is this different from synching the wheel group on these machines?

This is solving a different problem than the one I described; this only
controls whether users can change to root after being properly
authenticated as the _user_.

If you only sync wheel group, the users still must:
 1) be added and deleted when leaving the house (else they could sniff around
afterwards, or the account could fall into the wrong hands)
 2) their passwords must be set, and managed
 3) change password in N machines if they want to change it everywhere
 4) etc.

There is a significant difference related to _account management_ here;
I'm sure you can see it. :-)

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords




More information about the openssh-unix-dev mailing list