Re: an ssh auth. question++
On Mon, May 15, 2006 at 02:33:31PM +0200, Krassen Deltchev wrote:
> what is better to be used::
> a root authentification to a remote server over ssh or just a user
> authentifaction to this very server+ #su root and then authentificate
> the root access?
I'd say 'which is better' depends on the context. Whether you are using
ssh or not, if you can avoid being root, that's better.
Sometimes of course, you must be root. If the set of tasks you are
remotely performing via ssh is limited, you might consider using the
'command' option (see the AUTHORIZED_KEYS section of 'man sshd' for
details) in your remote host's authorized_keys file to set up a
restricted set of operations.
For example, on the local machine, you might like to create a special
key dedicated to a particular purpose, e.g.
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa_transfer
If you wanted to transfer a file from the remote machine that was only
readable by root, you might set up the remote machine's authorized_keys
file to include something like:
command="cat /path/to/afile" <insert ~/.ssh/id_rsa_transfer.pub key here>
Now, from the local machine, you can do something like:
ssh -i ~/.ssh/id_rsa_tranfer.pub email@example.com > /a/local/file
Depending on your application, you may want/need to include other
options like 'no_pty' in your authorized_keys file (see man page for
Network & Systems Manager
Mount Holyoke College