[NBLUG/talk] Root and SSH questions..

Eric Eisenhart eric at nblug.org
Wed Sep 17 16:54:01 PDT 2003


On Wed, Sep 17, 2003 at 04:14:39PM -0700, E Frank Ball wrote:
> I'd go ahead and allow root login via ssh, but turn off passwords:
> 
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> 
> And only allow ssh key pairs for logging in.

That'd turn off password authentication for everybody, not just root; which
may not be feasible.

Better:

PermitRootLogin without-password

Which would leave the rest alone, but allow only other methods (ssh keys)
for login.

Best:

PermitRootLogin forced-commands-only

Which would only allow root to run very specific commands based on which key
is used.

Then in ~root/.ssh/authorized_keys, put something like this in front of the
key:
from="blah.example.com",command="rsync --server --sender -vlHogDtprxz --partial --delete-after . /"

For your first pass, leave out the command= part -- use "ps auxwww | grep
[r]sync" to see what specific command is required for what you're doing,
then allow just that one single command.

This will allow that key to work only from a specific location and only to
execute that single task.  It raises the bar for an attacker by (a)
requiring that they get an ssh key instead of just a password, (b) be able
to run the command from that host (or compromise DNS or spoof IPs) or at the
very least from inside your network and (c) be able to figure out how to do
something nasty based on simply having a copy of your data instead of a root
shell.
-- 
Eric Eisenhart
NBLUG Co-Founder & Director-At-Large
The North Bay Linux Users Group
http://nblug.org/
eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244
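
An audit of the authorized_keys restrictions described in the message above, added here as an example and not part of the original post. It flags root keys that lack the from= or command= options. The function names, the key-type pattern and the sample file are assumptions made for illustration; the key blobs are constructed placeholders.

```python
import re

# Assumed pattern for tokens that start a line when no options field is present.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys line.
    The options field ends at the first whitespace outside double quotes;
    inside quotes a backslash escapes a double quote."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # line starts at the key type
    opts, name, buf, quoted, i = {}, None, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf += '"'
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "=" and name is None:
            name, buf = buf.lower(), ""
        elif not quoted and (ch == "," or ch.isspace()):
            opts[name or buf.lower()] = buf if name else True
            name, buf = None, ""
            if ch.isspace():
                break
        else:
            buf += ch
        i += 1
    return opts, line[i:].strip()

def audit(text):
    """Return (line number, problem) for every key that is not pinned down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            opts, _ = split_options(line)
            if "command" not in opts:
                findings.append((n, "no command=: refused under forced-commands-only"))
            if "from" not in opts:
                findings.append((n, "no from=: key accepted from any host"))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''# root authorized_keys (constructed)
from="blah.example.com",command="rsync --server --sender -vlHogDtprxz --partial --delete-after . /" ssh-rsa AAAAPLACEHOLDER1 backup
ssh-rsa AAAAPLACEHOLDER2 admin
command="echo \\"a, b\\"",no-pty ssh-ed25519 AAAAPLACEHOLDER3 test
'''
```

Calling audit(SAMPLE) reports line 3 twice (bare key) and line 4 once (command= but no from=); the first key line, which matches the entry in the message, passes.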


