
Re: Loging in to mike



On Sat, 16 Oct 2004 03:55 am, droege@snapmail.us wrote:
> OK, you all should know that I don't know what I am doing.
>
> I just created the login worker with password ysduaup

Hi Tom, I'm a little concerned for your system with this level of security.
Have you considered using disabled-for-password accounts that can only be
accessed by validated users' ssh keys?

i.e. You still have the one account called 'worker' - you cannot log on to it
using a password, so someone can try and guess the password till they turn
blue in the face (e.g. passwd -l worker;passwd -x 99999). People who you
want to allow to access the 'worker' account send you their ssh public key
and you install it into the 'worker' ~/.ssh/authorized_keys2 file.

With that sort of approach you can control who you want to have access to
your system, you don't have to worry about changing/distributing passwords
and having that password float into the hands of someone undesirable.

It does depend on everyone being familiar and comfortable using ssh keys
rather than passwords.

I can provide more details if required.

-goc-
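
The key-installation step described in the message above, as an added example that is not part of the original post: a shell function that adds one submitted public key to the shared account's key file. The function name, the accepted key types and the default file name authorized_keys (pass authorized_keys2 as the third argument to match the message) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): install one submitted SSH
# public key for a shared, password-locked account such as 'worker'.
# Usage: install_pubkey HOME_DIR PUBKEY_FILE [AUTH_FILE_NAME]
# Run it as the account owner, or as root followed by chown to that account.
install_pubkey() {
    ssh_dir=$1/.ssh
    auth_file=$ssh_dir/${3:-authorized_keys}
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }

    # A submission must hold exactly one non-blank line.
    n=$(grep -c '[^[:space:]]' "$2" || true)
    [ "$n" -eq 1 ] || { echo "expected exactly one key line" >&2; return 3; }
    key=$(grep '[^[:space:]]' "$2" | tr -d '\r')

    # Accept only "<type> <base64> [comment]". This rejects private keys and
    # lines that start with options such as command="..." (assumed policy).
    case $key in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not a bare OpenSSH public key" >&2; return 4 ;;
    esac

    # sshd's StrictModes check refuses key files that other users can write to.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 5

    # Idempotent: do not append a key that is already authorised.
    grep -qxF -- "$key" "$auth_file" && return 0
    printf '%s\n' "$key" >> "$auth_file"
}

# Demonstration in a scratch directory with a constructed, non-functional key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000000000000 alice@example' > "$demo_home/alice.pub"
install_pubkey "$demo_home" "$demo_home/alice.pub"
install_pubkey "$demo_home" "$demo_home/alice.pub"   # second call adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

Removing someone's access later means deleting their line from the same file, which is why keeping each submitter's comment field on the key line is useful.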