port-i386: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)

Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: None <rmcm@compsoft.com.au>
From: Todd Vierling <tv@wasabisystems.com>
List: port-i386
Date: 08/22/2001 19:14:39

On Thu, 23 Aug 2001 rmcm@compsoft.com.au wrote:

: how about;
:
:    rsync -a -e ssh --rsync-path=/usr/local/etc/rsync-sudo /localdir/ \
:          user@remotehost:/remotedir/
:
: where  /usr/local/etc/rsync-sudo is
:
:         #!/bin/sh
:         sudo /usr/pkg/bin/rsync $*

Of course, that blows a huge hole in the so-called `security' of sudo, now
doesn't it?  :)

Personally, I prefer ssh crypto keys for root access.  My machines don't
even have valid passwords for root anymore; a ssh has to be used, even from
localhost.  Logging the keys used for becoming root would probably be a
trivial thing to implement.

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi NetBSD:  Run with it.
-- NetBSD 1.5.2 available on CD-ROM soon!  --  http://www.wasabisystems.com/