23 Sep
2013
23 Sep
'13
11:44 p.m.
Lists wrote:
On 09/23/2013 01:50 PM, Les Mikesell wrote:
Is there something that convinces you that sudo is better at handling the command restriction than sshd would be?
In the context of a production server, the idea is to remove any ability from another host (EG: backup server) to run local arbitrary code or change local files. (read-only)
<snip>
You can disable the password on the backup account to achieve a similar effect using an SSHD option. If there's a better/simpler way to do this via SSHD option I'd love to hear about it!
Sure. You disable password authentication, and allow keys only, in /etc/ssh/sshd_config.
mark