On Sun, Jan 18, 2009 at 11:22 PM, Scott Rohling <[email protected]> wrote:
> We implemented this within IBM:
> - Distributed the 'authorized_keys' to /home/support/.ssh with the support
> user's public key on the central system.

This is the questionable part of the process I think. Your security guidelines also require the user to take action when his private key would be compromised (by generating a new key pair). When you have put his public key on various servers, the user may not have such control anymore.

A more attractive option IMHO is to have sshd obtain the public keys from an LDAP database. When you have both access lists and public keys there, it makes managing system access much easier.

Rob

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
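The LDAP lookup suggested in the reply above, as an added example that is not part of the original message: a filter that turns one LDIF entry into the key lines sshd should accept for a user on a given host, so that removing a key or a host from the directory revokes access everywhere at once. It assumes the keys sit in an `sshPublicKey` attribute and the access list in a `host` attribute, and that a helper such as sshd's `AuthorizedKeysCommand` feeds it `ldapsearch -LLL` output; the entry, host names and key strings are constructed placeholders.

```python
import base64

# Constructed sample shaped like `ldapsearch -LLL` output for one entry.
# Key material is placeholder text, not a real key.
_B64_KEY = base64.b64encode(b"ssh-rsa AAAAB3PLACEHOLDER support@laptop").decode()
SAMPLE_LDIF = (
    "dn: uid=support,ou=People,dc=example,dc=com\n"
    "uid: support\n"
    "host: lnx001.example.com\n"
    "sshPublicKey: ssh-ed25519 AAAAC3PLACEHOLDER\n"
    " KEYDATA support@central\n"          # folded continuation line
    f"sshPublicKey:: {_B64_KEY}\n"        # base64-encoded value
)

# Assumption: only bare keys are accepted, no authorized_keys options.
ALLOWED_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-")

def parse_entry(ldif):
    """Unfold LDIF continuation lines and return {attr: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation: drop the one space
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def authorized_keys(ldif, user, this_host):
    """Keys for `user`, but only if the entry's access list names this host."""
    entry = parse_entry(ldif)
    if user not in entry.get("uid", []) or this_host not in entry.get("host", []):
        return []
    keys = []
    for value in entry.get("sshpublickey", []):
        # A decoded value containing a newline would smuggle in an extra line.
        if "\n" in value or "\r" in value or not value.startswith(ALLOWED_TYPES):
            continue
        keys.append(value)
    return keys

if __name__ == "__main__":
    print("\n".join(authorized_keys(SAMPLE_LDIF, "support", "lnx001.example.com")))
```
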
