SSH login for normal users using authorized keys
Mike Burger
mburger at bubbanfriends.org
Mon Nov 22 19:56:31 UTC 2004
On Mon, 22 Nov 2004, Wade Chandler wrote:
> Mike Burger wrote:
> > On Mon, 22 Nov 2004, Jithesh wrote:
> >
> >
> >>Hi all,
> >>
> >>I was able to create successful login for the root account from a remote
> >>client with the help of the public key and the authorized key. But when
> >>I tried to do it for a normal account it still asks for the password.
> >>
> >>Here is what I have done
> >>1. Generated the public key in the client machine.
> >>2. Copied the same into the server's normal user account's
> >>~/.ssh/authorized_keys
> >>3. Changed the permission to read only for the file authorized_keys
> >>
> >>I did the same thing for the root account and it worked but not for other
> >>users.
> >
> >
> > This may not directly answer your question, but wouldn't it be a more
> > prudent move to have the users log into the remote system, and either su
> > to root, or use sudo to run root level commands? Using sudo, you can A)
> > log who ran what and B) not have to give out the root password.
> >
> I think the question is not how to run commands as root, but how to
> set up key files for ssh in the .ssh directory so his users can log in
> without having to type anything. I really don't have the answer right
> now as I have used documentation every time I did this. I have done this
> for sourceforge accounts before. Maybe the sourceforge documentation
> could help you. Go to www.sourceforge.net and read the section about
> developer access to a project and setting up ssh access with key files.

That's the thing...it appears, really, that it specifically has to do
with logging in, remotely, as root, by regular users. He specifically
stated that he's done what he needs to do to get the root user to be able
to ssh directly in using a key...he wants the users to be able to log in
as root, using keys.

Those users are still going to have to type in whatever commands they need
to use, so why not save himself the potential security hassles of having
root login, and use sudo (or su, if necessary)?

It was just a suggestion, on my part...a way to get around it, which, in
my mind, would provide better security for the process.

--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:
site-update-request at bubbanfriends.org
with a message of:
subscribe
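
Added example, not part of the original thread: with StrictModes enabled (the default), OpenSSH's sshd ignores ~/.ssh/authorized_keys when the file, ~/.ssh or the home directory is group- or world-writable, or owned by someone other than the account or root, and then falls back to asking for a password. The function below audits those three paths for one account; the name check_ssh_key_perms and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: approximate sshd's StrictModes path checks for one account.
# Usage: check_ssh_key_perms HOME_DIR [OWNER_UID]
# Returns 0 when every checked path passes, 1 otherwise.

# Print the path if its group or other write bit is set.
_writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the path if it is owned by neither the account nor root (uid 0).
_wrong_owner() {
    find "$1" -prune ! -user "$2" ! -user 0 -print 2>/dev/null
}

check_ssh_key_perms() {
    home=$1
    owner=${2:-$(id -u)}   # default: the uid running the check
    status=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            status=1
            continue
        fi
        if [ -n "$(_writable_by_others "$p")" ]; then
            echo "WRITABLE $p (group/other write bit set; fix with chmod go-w)"
            status=1
        fi
        if [ -n "$(_wrong_owner "$p" "$owner")" ]; then
            echo "OWNER    $p (not owned by uid $owner or root)"
            status=1
        fi
    done
    return $status
}
```

Run it as the affected user, for example `check_ssh_key_perms "$HOME"`; sshd's own log on the server names the path it rejected.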