Ken Gunderson wrote: > On Thu, 2008-12-04 at 10:04 +0100, Damian Wojslaw wrote: > >> Iain MacDonnell pisze: >> >>> I don't think roles can login [via ssh]. I don't have an osol system >>> at hand to test... >>> >> Roles cannot log in. Only real users can. Besides asking yourself a >> question, why would you ever need to allow remote root logins, you need >> to change root to a normal user and give a password. >> > Finally some sense talking here ^^^^^^ > > Assuming remote box is non OSOL: > > 1) Config Mortal Account as necessary to allow root access > > a) su > b) or even better sudo to provide more granular control > c) or even better(-er?) use RBAC with privileges > 2) Further restrict who can connect via SSH > > a) create sshusers group and add users as appropriate > b) Add to sshd_config: AllowGroups sshusers > --JeffV
_______________________________________________ sysadmin-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
