[CentOS] duqu
Les Mikesell
lesmikesell at gmail.com
Wed Nov 30 19:12:03 UTC 2011
On Wed, Nov 30, 2011 at 1:01 PM, John Hinton <webmaster at ew3d.com> wrote:
>
On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
>
>>> Ssh is mostly about being able to log in.
>> I've always adopted the policy of disabling root logins, making admins
>> use a separate account with public/private key authentication and then
>> requiring them to use su to elevate privileges.
>>
>> Has the advantage that your logs will tell you who logged in and
>> performed an action rather than the vague 'root'.
>>
> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?
You can set up a passwordless sudo that is passed as part of the ssh
command. And I agree that this is likely to be a safer approach as
long as the private key which is much like a written-down password can
be protected well enough.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list