All, I got lots of good feedback. Thanks to all who have responded. I have included the responses that best matched what I was trying to do. Pros: Encrypted, PKI Control of which command can get executed 9.5/10 SA's recommend it! ;-) Cons: Root logins via ssh are difficult to track/audit Alternates: Use RBAC (Only in Solaris 9) The overall recommendations were to go with allowing root login as a drop-in replacement. sudo was also recommended as an option. Since these are automated scripts for disaster recovery and *need* to run as root, sudo would reduce the overall security. Yes, they do run everyday; no, we do not have disasters everyday. Before you can enter any commands with sudo, you must enter a password. Unfortunately, this means having a file on the system with a password in clear text. You might as well stick your root password in this file named "README.getroothere". I also learned that you can use PKI locally. Meaning that if user johna needs to do something as user johnb, you can: "ssh johnb@localhost command" as johna using PKI. You also want to protect your keys!!!! But of course you knew that already. Certain people recommend making your home directory perms 700 but that may break things especially if you have a "www" or "public_html" directory if you are hosting webpages. But if you still insist, go ahead and make root's home directory perms 700 for tons of wholesome fun. Hands down that 700 is secure but if that doesn't work for you, make your .ssh directory perms 700 instead. You do not need to be root to do ufsdumps of your filesystems. If you give group perms to a particular user, a dump can be performed from a user other than root. Thanks again for all the responses! Ryan -----Original Message----- From: Ryan A. Krenzischek Sent: Thursday, September 04, 2003 11:33 AM To: sunmanagers@sunmanagers.org Subject: Using SSH as drop-in replacement for r* services All, I'm looking for some feedback for individuals who have been tasked by their company to move away from using r* services (rsh, rlogin, and rexec). It seems that SSH is the best fit for a drop-in replacement as we already use it on a daily basis on our Solaris boxen. However, some of our disastery-recover scripts that get run on a daily-basis and they require root. We currently have root logins via ssh disabled. Are there any reasons why we should not allow root logins via ssh using PKI? Are there any issues that arise when migrating from r* services to SSH on Solaris? Thanks. Ryan _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Sep 8 10:51:30 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:19 EST