Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
March 5, 2004, 6:30 pm
rate this thread
We've had security problems with users using authorized-keys to
make it easy to for themselves to jump on from their home machines.
Someone had their home machine rooted and the cracker got on to our server.
Of course the users should really be using encrypted private keys
with ssh-agent, but I don't know how to enforce this.
What I would like to do is to establish a policy for who is allowed
to use public key authentication. In general we want to turn off access for
normal users, but allow access for system accounts such as rsync backup account.
The policy could work via an ACL or based on login shell (most of our
system account shells are set to "nologin" whereas normal users
are set to bash). I could also setup a cron job to delete authorized-keys
files from user accounts, but that seems a bit ineligant.
Is this the right approach to this problem? And if so then is
there a standard solution?
Re: How to turn off public key access for user accounts, but allow for system accounts?
What this gains you in security is rather limited. A persistent attacker
will end up logging keystrokes or interfering with established sessions.
Perhaps a more fruitful approach is to limit the capabilities of the users
after they log in - and assist in defending the home machines.
To allow only one user to use inbound keys set an absolute pathname
writable only by that user (and root, if different).
Or you could run multiple SSH servers using different configs and
use AllowUsers/DenyUsers to ensure the rabble don't use the one that
It might be possible to run your rsync in the other direction too.
There's more than one way to do - uh, wrong slogan.
Elvis Notargiacomo master AT barefaced DOT cheek
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum