[Gllug] Selective SSH logins
Garry Heaton
garry at heaton6.freeserve.co.uk
Tue Aug 26 12:57:20 UTC 2008
Daniel P. Berrange wrote:
> And if you have NFS home directories, and aren't requiring Keberized NFS
> clients, then SSH keys are worse than useless thanks to NFS' complete lack
> of a security model (ie it trusts clients to be truthful wrt to UIDs). And
> if you are requiring Kerberized NFS, then you can just use GSSAPI logins
> anyway, so don't need SSH keys. SSH keys + NFS home dirs == recipe for
> disaster. Of course non-Kerberized NFS + password login is no better
> either.
>
> Daniel
This is for SFTP access to a webserver so no NFS issues. Currently I'm using
IP filtering at the firewall with SSH password logins as there are only a
couple of users but I'd like to switch to SSH key authentication and do away
with the IP filtering.
Garry
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list