Date: Wed, 28 Nov 2007 21:12:33 -0800 From: "Kevin Downey" <redchin@gmail.com> To: "Olivier Nicole" <on@cs.ait.ac.th> Cc: freebsd-questions@freebsd.org Subject: Re: Secure remote shell Message-ID: <1d3ed48c0711282112g389407ddyed367561910adfe4@mail.gmail.com> In-Reply-To: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th> References: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 28, 2007 8:28 PM, Olivier Nicole <on@cs.ait.ac.th> wrote: > Hi, > > Part of (un)registerings users on my system consists in connecting to > various servers to add the user account to some services: > > Registering users is done wia a web page, and the web server will > remote execute a script on the mail server to add the users in the > aliases and run newaliases, remote execute a script to the radius > server to add the user in the radius tables and restart radius, etc. > > Of course all the remote execution should be done as root :( > > So far, one specific user from the web server can rsh -l root to the > various other servers to do what needs to be done. But this is not > quite satisfactory. > > What other solution would you suggest to execute a shell remotely as > root, that could be automated in a script (no password required). > > Best regards, > > Olivier ssh using key authentication and sudo configured to allow a certain user to run the needed commands and only the needed commands as root. http://www.gratisoft.us/sudo/ http://sial.org/howto/openssh/publickey-auth/ -- The Mafia way is that we pursue larger goals under the guise of personal relationships. Fisheye
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1d3ed48c0711282112g389407ddyed367561910adfe4>