On Wed, Nov 30, 2011 at 1:01 PM, John Hinton webmaster@ew3d.com wrote:
On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
Ssh is mostly about being able to log in.
I've always adopted the policy of disabling root logins, making admins use a separate account with public/private key authentication and then requiring them to use su to elevate privileges.
Has the advantage that your logs will tell you who logged in and performed an action rather than the vague 'root'.
How would you automate daily logins from another server to do something like rsync the entire /etc directory to a backup system?
You can set up a passwordless sudo that is passed as part of the ssh command. And I agree that this is likely to be a safer approach as long as the private key which is much like a written-down password can be protected well enough.