![]() You'd still have a record of this connection in your syslog and/or secure.log files (assuming your distro provides this level of logging). # User backup's $HOME/.ssh/authorized_keys fileĬommand="/usr/libexec/openssh/sftp-server" ssh-dss AAAAC8ghi9ldw= would allow another system with the corresponding key to this pair to SFTP into this system as root. Am I wrong?īeyond what suggested in the comments above you could setup a dedicated SSH key pair just for this activity and add them to the root user's /root/.ssh/authorized_keys file limiting their scope to just a single command. ![]() This seems to be the same effect as using sudo to me. Should I concern myself with this when using Key based authentication or is this a trivial difference in security/logging? It seems like Key based authentication records user's serial number in the logs, and you can have multiple keys for the root user to identify each user. It seems to be a best practice to require login as a non-root user and then require use of sudo since the logs will record who was given escalated privileges for each command. I didn't understand how to use sudo and SFTP at same time. Currently, I use root user login directly, but password login is disabled. I understand how to do SSH Tunneling to admin the system services. I need this to work with Mac connecting to Ubuntu as well. Is there a way to keep sudo & key authentication. If the system requires sudo to perform root level commands, How do I get around this?Ĭan I create a way of bypassing sudo for SFTP only? ![]() I'm using SSH Key based authentication - rsa key on smart card. I want to be able to use SFTP to edit files that require root permissions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |