[CentOS] duqu

Les Mikesell lesmikesell at gmail.com
Wed Nov 30 19:12:03 UTC 2011


On Wed, Nov 30, 2011 at 1:01 PM, John Hinton <webmaster at ew3d.com> wrote:
>
 On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
>
>>> Ssh is mostly about being able to log in.
>> I've always adopted the policy of disabling root logins, making admins
>> use a separate account with public/private key authentication and then
>> requiring them to use su to elevate privileges.
>>
>> Has the advantage that your logs will tell you who logged in and
>> performed an action rather than the vague 'root'.
>>

> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?

You can set up a passwordless sudo that is passed as part of the ssh
command.   And I agree that this is likely to be a safer approach as
long as the private key which is much like a written-down password can
be protected well enough.

-- 
   Les Mikesell
    lesmikesell at gmail.com



More information about the CentOS mailing list