On Mon, 2011-05-23 at 10:28 +1200, Derek Smithies wrote: > Hi, > > On 22/05/11 20:34, Nick Rout wrote: > > > > Reporting back with success! > > > > to recap, I have a globalscale guruserver plus for which I could not > > remember the root password, making it rather difficult to make some > > software mods and updates. > the issue this whole sorry saga raises is one of passwords, and > password protection... > > On the firewall boxes, a bit of paper and sellotape with the root > password written down > is a good thing. Even, write the password down with some jumbling > algorithm to make it > less obvious.. > > No doubt, some would say, "but that is insecure".. If they have physical > access, then it > is all over anyhow - and they will be grabbing things that can be easily > sold, and not > bothering with little boxes. > > Cheers, > Derek. > TBH, I use keys wherever possible. Secure as from everywhere but the odd PC, which can be accessed from your usual workstation in the same manner if you wish for even more security. If you want to be posh, the latter idea is/used to be called a bastille server.
Even using dsa keys in this situation is probably overkill, so... ssh-keygen -t rsa (hit enter for defaults) scp ~/.ssh/id_rsa,pub remuser@remote:/tmp ssh remuser@remote mkdir .ssh (ignore errors if exists) cd .ssh cat /tmp/id_rsa.pub >> authorized_keys chmod 700 . rm /tmp/id_rsa.pub You will now be able to ssh into remote as remuser without being prompted for a password. If you also provide this account with necessary sudo rights (and don't require root password to sudo), then you'll have an easy method of securely accessing remote devices. hth, Steve -- Steve Holdoway BSc(Hons) MNZCS <[email protected]> http://www.greengecko.co.nz MSN: [email protected] Skype: sholdowa
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
