hi ya

in order to update 10, 100 boxes ... with new set of changes..
you do NOT need to log into any of um ... many different ways to update
each target box based on some "master distribution server"

-- you do want to test the updates in a test farm before it goes out to
   production  and protect that master server from "foul play"
        ( lots of sanity checking )

-- rsync, apt-get,  custom-update.pl, .... lots of ways to update 10 or
   100 or 1,000 servers  once "master distribution server" is updated
        - am assuming that "automated updates via cron" is acceptable
        ( i use a custom update script of only files i allow to be changed
        ( based on a master server

-- can't see wanting to log into 100 or 1000 machines manually..
   which means either the passwd is written down... or that there's
   an algorithm to its passwd ...  

        ( i think using keys is bad... imho... if one machine is hacked...
        ( then they can log into all the rest of um with no effort...

        - guess it's whatever one feels comfy with...

fun stuff... :-)

c ya
alvin

On Wed, 26 Jun 2002, Travis Cole wrote:

> On Wed, Jun 26, 2002 at 02:11:00PM +0200, InfoEmergencias - Luis Gómez wrote:
> > Hi all
> > 
> > Messing up with sshd_config for all the privsep stuff, I've noticed that
> > PermitRootLogin was set to yes in my three woody boxes. I usually
> > consider this a problem (although it has been my fault - i should have
> > checked and noticed this much time ago). What do you think of this?
> > 
> > IMHO, we'd better set it to no. I always thought it was much better. Is
> > there any landscape in which you may want to allow direct root login to
> > your host?
> 
> Not IMO.
> 
> I thank my lucky stars every day that it was decided to allow root logins by
> default.
> 
> I have 194 Debian boxes to look after.  I have ssh identity keys setup.
> 
> I can't go login to every box individually and run sudo or su every time I
> want to change something.
> 
> I need to automate it, and I need to touch them all at once.
> 
> If it did default to off then I would have to carefully change that
> every single time I upgrade ssh packages, or roll my own ssh packages.
> 
> Allowing root logins is such a huge convenience when you have many
> machines that it's really a must.
> 
> And when you only have a few machines it's easy enough to go to each
> one and disable it.
> 
> -- 
> -tcole
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
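
Added example, not part of the original thread: a Python check for the situation Luis describes, reading an sshd_config and reporting which PermitRootLogin value sshd would actually use, including the key-only settings relevant to the automation case Travis raises. The function names and the sample configuration are constructed for illustration.

```python
import re

# PermitRootLogin values that admit root but never with a password.
KEY_ONLY = {"prohibit-password", "without-password", "forced-commands-only"}
LINE = re.compile(r"([A-Za-z0-9]+)\s*=?\s*(.*)")  # keyword, optional "=", args

def root_login_settings(config_text):
    """Return (global_value, [(match_criteria, value), ...]).
    sshd keeps the first value it reads for a keyword, so a later duplicate
    in the global section has no effect; lines after a Match keyword apply
    only to matching connections and are reported separately."""
    global_value, overrides, criteria = None, [], None
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line or comment
            continue
        keyword, args = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            criteria = args
        elif keyword == "permitrootlogin" and args:
            value = args.split()[0].strip('"').lower()
            if criteria is not None:
                overrides.append((criteria, value))
            elif global_value is None:
                global_value = value
    return global_value, overrides

def classify(value):
    """Describe what a PermitRootLogin value means for root access."""
    if value in KEY_ONLY:
        return "root login allowed, but never with a password"
    return {None: "unset: built-in default of the installed sshd applies",
            "yes": "root may log in with a password",
            "no": "root login disabled"}.get(value, "unrecognised value")

# Constructed sample, not taken from any real host.
SAMPLE = """\
# package default left in place
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.10
    PermitRootLogin forced-commands-only
"""

if __name__ == "__main__":
    value, overrides = root_login_settings(SAMPLE)
    print("global:", value, "->", classify(value))
    for criteria, v in overrides:
        print("Match", criteria, "->", v, "->", classify(v))
```

In the sample the second `PermitRootLogin no` line is ignored because the first value wins, which is the case a quick grep for "no" would miss.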

