On Thu, 27 Jan 2011, Nico Kadel-Garcia wrote:
> Wrong again. Never use public key access for root accounts, it simply compounds the security risks. Passphrase protected SSH keys can be used, reasonably, for account access on other hosts, but should be avoided for root access. If you *HAVE* to use an SSH key for root, for example for "rsync" based backup operations, use rssh to restrict its operations or designate a permitted command associated with that key in the target's authorized_keys.
Is this actually current doctrine for typical machines? I thought plenty of people advocated restricting ssh to AllowRoot without-password. What exactly is your security concern with having password-protected key access to a machine's root account?
I'll agree that using command= for things like rsync backups is definitely a good idea, as it means you can put ssh keys on machines that only grant them single command access.
jh
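
One way to implement the command= restriction both messages agree on, as an added example that is not part of the original thread: a forced-command wrapper that only lets the key run a read-only rsync of one directory. The script path, the ALLOWED_ROOT directory, the placeholder key and the exact six-word shape of the rsync server command are assumptions.

```sh
#!/bin/sh
# Forced-command wrapper for a backup-only root key (added example).
# Hypothetical install path: /usr/local/sbin/backup-only.sh
# Matching authorized_keys entry on the target (key material is a placeholder):
#   command="/usr/local/sbin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup@backuphost

ALLOWED_ROOT="/srv/backup-src/"   # assumed: the only tree the backup host may read

# Return 0 only for: rsync --server --sender -<shortopts> . <path under ALLOWED_ROOT>
# (assumed shape of what a plain "rsync -a root@target:/srv/backup-src/ dest" sends).
check_backup_command() {
    # Character allow-list: no quotes, globs, ';', '|', '$', backticks or newlines.
    case $1 in
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;
    esac
    set -- $1                       # split into words; safe after the allow-list
    [ $# -eq 6 ] || return 1        # a second source path or extra option fails here
    [ "$1 $2 $3" = "rsync --server --sender" ] || return 1   # --sender = read-only side
    case $4 in
        -[!-]*) ;;                  # one short-option cluster, e.g. -logDtpre.iLsfxC
        *) return 1 ;;              # rejects long options such as --remove-source-files
    esac
    [ "$5" = "." ] || return 1
    case $6 in
        *..*) return 1 ;;           # no climbing out of the allowed tree
        "$ALLOWED_ROOT"*) return 0 ;;
    esac
    return 1
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND and runs
# this script instead. With no requested command (interactive login attempt)
# the script simply ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no globbing; words are passed as argv, not to a shell
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-only key: command rejected" >&2
    exit 1
fi
```

Clients that pass extra rsync flags will send a different server command line, so log a few real SSH_ORIGINAL_COMMAND values from your own backup job before tightening the pattern.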