Date: Thu, 13 Dec 2001 22:01:19 +0500 From: "Haikal Saadh" <wyldephyre2@yahoo.com> To: "'Rob Andrews'" <rob@cyberpunkz.org>, <freebsd-security@freebsd.org> Subject: RE: Question about sshd... Message-ID: <001601c183f7$cc88e950$69c801ca@warhawk> In-Reply-To: <20011213102109.A18375@switchblade.cyberpunkz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I understood that if you *'red out your staff members password using vipw, and if you generate a keypair for them, they should be able to login via ssh, but not telnet or the local console. > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Rob Andrews > Sent: Thursday, December 13, 2001 9:21 PM > To: freebsd-security@freebsd.org > Subject: Question about sshd... > > > I am wondering if there is a way or if there has been > consideration of a way to impliment login permissions based > upon user authentication via sshd (openssh 3.0.2) > > The reason I am asking is because I want to force all staff > members to login through the system based upon their > generated keypairs such as a RSA or DSA keypair. Users since > they have very limited access I am not as worried about an > account compromise. But if a staff users account on a > machine is compromised then I at least want someone to have > to have worked for it to even get logged into the system. > > I'd heard talk from someone else that they were interested in > patching opensshd to do just this. so you could create a > rule in the config for an allowed user and say a > 'without-password' option such as there is allowed for root. > > Any ideas? :) > Thanks, > > -- > ::::::::::::=================--------------------- > :|Robert Andrews > :|Cyberpunk Alliance http://www.cyberpunkz.org > :|Minneapolis, MN Email: rob@cyberpunkz.org Office: 763-535-6392 > :::::::::::::::::::::::::::====================--------------- > ---------- > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001601c183f7$cc88e950$69c801ca>