Should sshd be fixed to handle NIS+ keylogin

Tim McGarry tim at mcgarry.ch
Tue Jan 15 09:27:25 EST 2002


To get around the problem of having to change the root password every time a
sysadmin leaves the organization, Solaris is hardened as follows.

In /etc/default/login:
CONSOLE=

Restricted permissions on su so only certain groups can run it.

That way it's really difficult to log in as root even if the root password is
known.

For OpenSSH

PermitRootLogin is set to without-password and a key is added to the
authorized_keys file for each sysadmin.

BUT

if in sshd_config

UseLogin is set to yes

then RSA keys cannot be used to get in as root.

If UseLogin is set to no

then sshd doesn't do the keylogin; therefore, no home directory (DH Secured
NFS) and restricted access to the NIS+ maps.

Should sshd be fixed to handle the keylogin? (Obviously this could only work
with password auth.)

Tim McGarry
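
The trade-off described in the post, as an added example that is not part of the original message or of OpenSSH: a shell check that reads an sshd_config and a Solaris-style login defaults file and reports which of the two outcomes applies. The function names, the finding labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): classify an sshd_config and a
# Solaris-style login defaults file against the outcomes the post describes.

# First value set for KEYWORD in an sshd_config-style file. Keywords are
# case-insensitive; "Keyword value" and "Keyword=value" are both accepted.
sshd_value() {
    awk -F'[ \t=]+' -v k="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# State of the CONSOLE line in the login defaults file: empty, set or unset.
console_state() {
    awk -F= '
        /^[ \t]*CONSOLE[ \t]*=/ {
            v = $2; gsub(/[ \t]/, "", v)
            print (v == "" ? "empty" : "set"); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login SSHD_CONFIG LOGIN_DEFAULTS
audit_root_login() {
    prl=$(sshd_value "$1" PermitRootLogin)
    ul=$(sshd_value "$1" UseLogin)
    echo "console=$(console_state "$2")"
    echo "permitrootlogin=${prl:-unset}"
    echo "uselogin=${ul:-unset}"
    case "${ul:-unset}" in
        yes) echo "finding=root-key-login-blocked" ;;  # post: RSA keys cannot get in as root
        no)  echo "finding=no-keylogin" ;;             # post: no Secure NFS home, restricted NIS+ maps
        *)   echo "finding=uselogin-not-set" ;;
    esac
}

# Constructed sample files matching the settings quoted in the post.
demo() {
    d=$(mktemp -d) || return 1
    printf 'CONSOLE=\n' > "$d/login"
    printf '# constructed sample\nPermitRootLogin without-password\nUseLogin %s\n' "$1" > "$d/sshd_config"
    audit_root_login "$d/sshd_config" "$d/login"
    rm -rf "$d"
}
```

Calling `demo yes` or `demo no` runs the check against the constructed files; on a real host, pass the paths of the two files to `audit_root_login`.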







More information about the openssh-unix-dev mailing list