> On Fri, Jul 06, 2001 at 12:15:43PM +0300, Juha Jäykkä wrote: > > > I have a bit of a situation: I have a handful of linux machines > > (almost all with different distributions and kernels and software - > > one hell to keep secure) and all the machines have different roots. > > These guys want to keep their root passwords (or at least the root > > privileges) so they can update their X/KDE/whatever when/if they feel > > like it but on the other hand, they would like to see someone (me) > > keep their machines secure - something they themselves do not have > > time (we all know keeping up security is a fulltime job). Obviously to > > install patches etc I, also, need root privileges. > > This poses a problem if I am not to remember all those different > > root passwords and without making all the passwords the same! How can > > that _safely_ be accomplished? There are versions of su, sudo etc) that Use SSH and its RSA authentications (preferably with ssh-agent). With OpenSSH You can change /etc/ssh/sshd_config to read:
PermitRootLogin without-password (quoting from memory) and put Your RSA public key in ~root/.ssh/authorized_keys This solution works flawlesly in my company (several machines spread all over the country with different people doing day-to-day management) -- Robert Ramiega | [EMAIL PROTECTED] IRC: _Jedi_ | Do not underestimate UIN: 13201047 | http://www.plukwa.net/ | the power of Source
