Should sshd be fixed to handle NIS+ keylogin
Tim McGarry
tim at mcgarry.ch
Tue Jan 15 09:27:25 EST 2002
To get around the problem of having to change the root password every time a
sys admin leaves the organization, Solaris is hardened as follows.

In /etc/default/login:
CONSOLE=

Restricted permissions on su so only certain groups can run it.

That way it's really difficult to log in as root even if the root password is
known.

For OpenSSH, PermitRootLogin is set to without-password and a key is added to
the authorized_keys file for each sysadmin.

BUT

if in sshd_config UseLogin is set to yes, then RSA keys cannot be used to get
in as root.

If UseLogin is set to no, then sshd doesn't do the keylogin; therefore, no
home directory (DH Secured NFS) and restricted access to the NIS+ maps.

Should sshd be fixed to handle the keylogin? (Obviously this could only work
with password auth.)
Tim McGarry
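
An added example, not part of the original post and not OpenSSH code: a small Python audit of the two files the post mentions, flagging the trade-off it describes between UseLogin and root key logins. The function names, finding labels and sample file contents are constructed; it assumes sshd's first-value-wins parsing and defaults of UseLogin no and PermitRootLogin yes.

```python
import re

# Constructed sample contents, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
PermitRootLogin without-password
UseLogin yes
UseLogin no
"""
SAMPLE_DEFAULT_LOGIN = """\
# constructed sample /etc/default/login
CONSOLE=
"""

def sshd_effective(text):
    """Map lower-cased keyword -> value; sshd keeps the first value it reads."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if m:
            opts.setdefault(m.group(1).lower(), m.group(2).strip())
    return opts

def login_console(text):
    """Return the CONSOLE value from /etc/default/login, or None if unset."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("CONSOLE="):
            return line[len("CONSOLE="):].strip()
    return None

def audit(sshd_text, login_text):
    """Return finding labels (hypothetical names) for the setup in the post."""
    opts = sshd_effective(sshd_text)
    use_login = opts.get("uselogin", "no")        # assumed default
    root = opts.get("permitrootlogin", "yes")     # assumed default
    findings = []
    if root == "without-password" and use_login == "yes":
        findings.append("uselogin-blocks-root-keys")  # per the post
    if use_login == "no":
        findings.append("no-keylogin")                # per the post
    if login_console(login_text) != "":
        findings.append("console-not-blank")          # CONSOLE= line missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SSHD_CONFIG, SAMPLE_DEFAULT_LOGIN))
```

In the sample, the duplicate UseLogin line shows why first-value-wins matters: the later "no" is ignored and the effective setting is "yes".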