Em qui., 14 de jul. de 2022 11:48, Neil Bothwick <n...@digimed.co.uk> escreveu:
> On Thu, 14 Jul 2022 11:54:46 +0200, J. Roeleveld wrote: > > > For security reasons, I do not want direct login to root under any > > circumstances. This is disabled on all systems and will stay this way. > > > > Currently, to login as root, you need to know: > > - admin user account name > > - admin user account password > > - root user account password > > > > I do not want to reduce this to a single ssh-key-passphrase. > > Is this user only used as a gateway to root access, or can you set up such > a user? If so you could use key-based authentication for that user, with > a passphrase, and add command="/bin/su --login" to the authorized_keys > line. That way you still need three pieces of information, replacing the > user's password with the user's key passphrase. > > > -- > Neil Bothwick > > 30 minutes of begging is not considered foreplay. > Or you might consider creating a ssh key pair for the remote root and login directly to root with no password, only using the ssh keys. >
