[Gllug] ssh authentification
Benjamin Donnachie
benjamin at py-soft.co.uk
Tue Jul 18 13:17:17 UTC 2006
Tethys wrote:
> The problem is that it's very difficult to enforce that. If a staff
> member wants to install a passwordless keypair that gives them access
> to your systems, how do you prevent it?
Generate the key files for them and install them on their machine so
that they cannot change them. (And hope they're too stupid to figure a
way around it!)
On the server, use a centralised key database which users do not have
access to, or ensure that they cannot modify the relevant files under
their home directory (Again, hope that they're too stupid...)
Ben
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list