[Gllug] managing ssh access for many servers
Oliver Howe
ojhowe at gmail.com
Thu Feb 25 17:45:07 UTC 2010
If I used LDAP , would I need to install a patched version of openssh
(compiled --with-ldap)
onto each of the servers?
On Thu, Feb 25, 2010 at 11:48 AM, Andy Millar <andy at andymillar.co.uk> wrote:
> On Thu, 2010-02-25 at 11:36 +0000, Oliver Howe wrote:
>
> > I would be very interested to hear how other people in large
> > environments have their servers/keys admin access managed and opinions
> > on the best way
> > to do this.
>
> Oliver,
>
> Using LDAP for authentication across all servers will solve most of your
> problems. You can then enable/disable accounts centrally for each
> individual sysadmin and they can then use sudo.
>
> That way, no sysadmins should ever login as root (this is *BAD*) and all
> have the access they need. This also makes auditing who does what far
> easier.
>
> I personally also deploy my home directory to all our servers as a RPM.
> This makes sure my public key and various .(.*)rc files are in place.
>
> Andy
>
>
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20100225/7cc5e69d/attachment.html>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list