Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-25 Thread Stroller


On 25 Feb 2009, at 03:42, Mike Kazantsev wrote:

> ...
> 3. Since it sounds like you have no need to do it repeatedly, why not
> open root and do the stuff? Provided you don't have '123' as password.


The voice of reason has entered the thread.

Stroller.




Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-25 Thread Michael Higgins
On Wed, 25 Feb 2009 08:50:00 +
Stroller strol...@stellar.eclipse.co.uk wrote:

 
> On 25 Feb 2009, at 03:42, Mike Kazantsev wrote:
> > ...
> > 3. Since it sounds like you have no need to do it repeatedly, why
> > not open root and do the stuff? Provided you don't have '123' as
> > password.
>
> The voice of reason has entered the thread.

Indeed.

Thanks to all for the helpful replies. 

In the end, being on a deadline to complete this idiotic task (moving nested 
shared IMAP folders), I just emerged a comparatively lightweight file manager, 
'pcmanfm' (as the server has some X libs on it) and did it via ssh with 
-Y... possibly the least secure option, but as was suggested, the easiest. '-)

Anyway, Gentoo community rocks! Some very clever proposals. Virtual beverages 
all around...

Cheers,

-- 
 |\  /||   |  ~ ~  
 | \/ ||---|  `|` ?
 ||ichael  |   |iggins\^ /
 michael.higgins[at]evolone[dot]org



[gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-24 Thread Michael Higgins
I can't figure this one out. 

Have disallowed root login, public key auth.

Have a bunch of random renaming to do on that machine though, so would like to 
point and click for a change.

Is this possible? No GUI libs on the remote machine...

I was thinking sshfs, but since I can't login directly as root, is there some 
other way?

Cheers,

-- 
 |\  /||   |  ~ ~  
 | \/ ||---|  `|` ?
 ||ichael  |   |iggins\^ /
 michael.higgins[at]evolone[dot]org



Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-24 Thread Alan McKinnon
On Tuesday 24 February 2009 19:02:42 Michael Higgins wrote:
> I can't figure this one out.
>
> Have disallowed root login, public key auth.
>
> Have a bunch of random renaming to do on that machine though, so would like
> to point and click for a change.
>
> Is this possible? No GUI libs on the remote machine...
>
> I was thinking sshfs, but since I can't login directly as root, is there
> some other way?

Export temporarily via nfs or samba. With nfs, remember to set no_root_squash, 
which is highly unrecommended, leaving samba as actually quite decent for this 
kind of thing.

-- 
alan dot mckinnon at gmail dot com





Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-24 Thread Paul Hartman
On Tue, Feb 24, 2009 at 11:02 AM, Michael Higgins li...@evolone.org wrote:
> I can't figure this one out.
>
> Have disallowed root login, public key auth.
>
> Have a bunch of random renaming to do on that machine though, so would like
> to point and click for a change.
>
> Is this possible? No GUI libs on the remote machine...
>
> I was thinking sshfs, but since I can't login directly as root, is there some
> other way?

I believe you can make a key to associate with one command only. So
perhaps you can allow root login, but the only root key is one that
runs scp. Then you can scp as root but no actual login as root is
possible to normal ssh.



Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-24 Thread Daniel Troeder
On Tuesday, 24.02.2009, at 09:02 -0800, Michael Higgins wrote:
> I can't figure this one out.
>
> Have disallowed root login, public key auth.
>
> Have a bunch of random renaming to do on that machine though, so would like
> to point and click for a change.
>
> Is this possible? No GUI libs on the remote machine...
>
> I was thinking sshfs, but since I can't login directly as root, is there some
> other way?

Something like this might work:

# cp /etc/ssh/sshd_config /root/sshd_root_allow_config

Then edit /root/sshd_root_allow_config to allow root-login, to listen on
a port != 22 and to use another PID-file:
---
Port 222
PidFile /var/run/sshd_root_allow.pid
PermitRootLogin yes
---

Install app-admin/sudo and configure it so that your login user can execute
the following two commands (maybe only these!?!):
# sudo /usr/sbin/sshd -f /root/sshd_root_allow_config
# sudo kill $(cat /var/run/sshd_root_allow.pid)

Then you can use sshfs to port 222 between the two commands as root :)

Bye,
Daniel




Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

2009-02-24 Thread Mike Kazantsev
On Tue, 24 Feb 2009 09:02:42 -0800
Michael Higgins li...@evolone.org wrote:

> I can't figure this one out.
>
> Have disallowed root login, public key auth.
>
> Have a bunch of random renaming to do on that machine though, so
> would like to point and click for a change.
>
> Is this possible? No GUI libs on the remote machine...
>
> I was thinking sshfs, but since I can't login directly as root, is
> there some other way?

I can see several solutions, as well:

1. Restrict root auth to public key and bind public key to your IP
only ( 'from=IP ssh-dss ...' in authorized_hosts, or tcp wrappers ).

2. Create login like 'somerandomuser' (you can actually use a hash
here, if you're security-crazed) and disallow root auth from pam, not
sshd.

3. Since it sounds like you have no need to do it repeatedly, why not
open root and do the stuff? Provided you don't have '123' as password.


While I think security is overall a good thing, making some aspects of
it a pain in the ass is what I just can't understand in people: it may
take ages to pick the root password (provided you have right anti-brute
daemon installed), but they will make their lives miserable over
it, while leaving the same passwords typed in the terminals and written
on paper scraps lying on the desk, not to mention a lot of more obvious
things.

-- 
Mike Kazantsev // fraggod.net
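
Added example, not part of the thread or any poster's code: a check for the two key restrictions suggested above (a key bound to one command, and a key bound to a source address with from=), which audits root's authorized_keys and reports keys missing either one. The sample file, key blobs, the address 192.0.2.10 and /path/to/sftp-server are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): audit root's authorized_keys so that every
# key carries both a from= source restriction and a command= forced command.
# Such keys pair with "PermitRootLogin forced-commands-only" in sshd_config.

# Prints one line per weak key; exit status 1 if any key is unrestricted.
# Reads the file given as $1, or stdin when called without arguments.
audit_root_keys() {
    awk '
    # Return the option names of a key line with quoted values dropped,
    # so a "from=" hidden inside a command string is not counted.
    function opt_names(line,   i, c, q, out) {
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (q && c == "\\") { i++; continue }    # escaped char in a value
            if (c == "\"") { q = !q; continue }
            if (!q && (c == " " || c == "\t")) break # options field ends here
            if (!q) out = out c
        }
        return "," out
    }
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    {
        sub(/^[ \t]+/, "")
        # A line that starts with a key type has no options field at all.
        names = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : opt_names($0)
        miss = ""
        if (!index(names, ",from="))    miss = miss " no from="
        if (!index(names, ",command=")) miss = miss " no command="
        if (miss != "") { print "line " NR ":" miss; weak++ }
    }
    END { exit (weak > 0) }' "${1:--}"
}

# Constructed sample file; key blobs are placeholders, 192.0.2.10 is a
# documentation address, /path/to/sftp-server stands for the real binary.
sample_keys() {
    cat <<'EOF'
# root authorized_keys (constructed)
ssh-ed25519 AAAA-CONSTRUCTED-1 admin@laptop
from="192.0.2.10" ssh-ed25519 AAAA-CONSTRUCTED-2 admin@laptop
command="/path/to/sftp-server, from=x" ssh-rsa AAAA-CONSTRUCTED-3 backup
from="192.0.2.10",command="/path/to/sftp-server",no-pty,no-port-forwarding ssh-ed25519 AAAA-CONSTRUCTED-4 admin@laptop
EOF
}

sample_keys | audit_root_keys || echo "unrestricted root keys found"
```
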

