[EMAIL PROTECTED] wrote:
> On Thu, 12 Oct 2006 at 15:02, Eduardo Tongson wrote:
>> Ssh'ing to root with key-only plus a good passphrase is best.
>> Avoid ugly workarounds and unnecessary complexity like port
>> knocking and sudo.
>> ssh in as root, this is not the 90's anymore.
>
> It may not be the 90s, but I can't count the number of times sudo has
> saved me from disaster. I have different passwords on all my boxes (I
> admin or work on 20+ machines), and I have far too often found myself
> wondering why my password isn't working when I'm trying to do an 'sudo
> reboot' (or, worse, shutdown) or some other dangerous command, only to
> figure out that I'm typing the command in the wrong window....and that's
> despite having the machine name in my zsh prompt.
> --David

Yeah, maybe I should start working like that.

I'm in the midst of moving my web/email multi-vhost server to a new
machine. The other day I tarred up the whole vpopmail domains directory
and transferred it to the new machine. The following day I was
struggling with figuring out why some mail settings weren't working and
decided to just delete the domains directory I had copied to the new
machine.... except I wasn't on the new machine... had ssh'ed over to my
live box to check something! It took me about 30 seconds to realize what
I'd done and then I danced around the apartment proclaiming my stupidity
to the heavens. :-O

So, sudo with different passwords might have saved me some pain (I say
"might" because you can still do some damage in the wrong window while
sudo has the password.)
b
--
[email protected] mailing list