From owner-freebsd-security  Thu Jan 27 15:12:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from security1.noc.flyingcroc.net (security1.noc.flyingcroc.net [207.246.128.54])
	by hub.freebsd.org (Postfix) with ESMTP id 7463A14E6B
	for <security@FreeBSD.ORG>; Thu, 27 Jan 2000 15:12:14 -0800 (PST)
	(envelope-from todd@flyingcroc.net)
Received: from localhost (todd@localhost)
	by security1.noc.flyingcroc.net (8.9.3/8.9.3) with ESMTP id PAA63892;
	Thu, 27 Jan 2000 15:11:26 -0800 (PST)
	(envelope-from todd@flyingcroc.net)
X-Authentication-Warning: security1.noc.flyingcroc.net: todd owned process doing -bs
Date: Thu, 27 Jan 2000 15:11:26 -0800 (PST)
From: Todd Backman <todd@flyingcroc.net>
X-Sender: todd@security1.noc.flyingcroc.net
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Todd Backman <todd@mail.flyingcroc.net>,
	Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG
Subject: Re: root authorized_keys ignore? 
In-Reply-To: <1573.948954524@axl.noc.iafrica.com>
Message-ID: <Pine.BSF.4.10.10001271508060.62037-100000@security1.noc.flyingcroc.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


You are correct. I was looking for an interim solution to the problem
until I get through all of my other projects before digging into kerberosV
for our 250+ machines... aaaakkkk! I was just hoping I missed something in
sshd_config.

Thanks for the tips!

- Todd

On Thu, 27 Jan 2000, Sheldon Hearn wrote:

> 
> 
> On Wed, 26 Jan 2000 12:08:34 PST, Todd Backman wrote:
> 
> > just the use of authorized_keys... just want to combat the
> > "lazy-admin-syndrome" ;^)
> 
> Actually, it looks like you're trying to work around existing laziness,
> rather than stomp on it.  So far, all the suggestions I've seen offered
> in public are not fool-proof. :-)
> 
> Just disable root logins with ssh altogether and have your admins log in
> with user accounts and su to root.
> 
> Ciao,
> Sheldon.
> 

==========================================================================
Todd Backman <todd@flyingcroc.net>           "the only limitations people
Security Officer                             have are the ones we put
Flying Crocodile, Inc.                       upon ourselves." -me 
Seattle, WA                             
"chaos is a good teacher..."                
==========================================================================



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message