[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh-vs-rsh benchmark result

On Thu, Aug 29, 2002 at 09:41:10AM -0700, Dale Southard wrote:
> Also, in some situations keypairs actually lower security.  Eg, on
> ``control networks'' that are internal to a cluster, where more than
> one sysadmin needs to do rootly things, it's arguably a little safer
> to use rsh .hosts type authentication.  Using keypairs means either
> sharing the private key password with every sysad, or using no
> password.  In either case you'll run into the non revocable problem
> when a sysadmin leaves.

 You can have more than one public key in an authorized_keys file, so each
sysadmin can have their own private key.  You just have to remove it from
all the authorized_keys files when they leave.  That should be as simple as
grep -v key .ssh/authorized_keys > .ssh/new_ak
mv -f .ssh/new_ak .ssh/authorized_keys
(which you can run on all your machines with a for loop using ssh or rsh :)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: