Bryen wrote: > Another solution is to avoid using passwords altogether in ssh by using > authorization keys. This is a very simple solution to implement, and if > you ban the use of passwords over ssh and use keys instead, you make > your ssh session more secure too. > > In this case, you would place the user's public key in root's > authorized_keys file. User logs into root via SSH with keys, and no > password is ever submitted. Of course, the drawback here is having to > clean up the authorized_keys file when necessary, and I'm not sure how > to do that. > > Of course, there are several other solutions I can think of here using > ssh with keys but I'm sure you get the drift here. > > > Each authorized user has a line in authorized_keys. Just delete that line and access is gone. What I like to do is copy all the public keys (with unique names) into a directory and then them all in one shot into the authorized_keys file. That way it's easier to maintain that list. If someone is cut off, just delete their file and cat the files again.
-- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
