Re: ssh-vs-rsh benchmark result
On Thu, Aug 29, 2002 at 09:41:10AM -0700, Dale Southard wrote:
> Also, in some situations keypairs actually lower security. Eg, on
> ``control networks'' that are internal to a cluster, where more than
> one sysadmin needs to do rootly things, it's arguably a little safer
> to use rsh .hosts type authentication. Using keypairs means either
> sharing the private key password with every sysad, or using no
> password. In either case you'll run into the non revocable problem
> when a sysadmin leaves.
You can have more than one public key in an authorized_keys file, so each
sysadmin can have their own private key. You just have to remove it from
all the authorized_keys files when they leave. That should be as simple as
grep -v key .ssh/authorized_keys > .ssh/new_ak
mv -f .ssh/new_ak .ssh/authorized_keys
(which you can run on all your machines with a for loop using ssh or rsh :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: