On Mon, Apr 30, 2012 at 3:30 AM, Erik Anderson <erikerik at gmail.com> wrote: > On Mon, Apr 30, 2012 at 1:51 AM, Mike Miller <mbmiller+l at gmail.com> wrote: > > I also like the sudo idea, but I see one shortcoming -- most people use > > their own password to gain root permissions via sudo > > Well, this applies mostly to connecting to a host via ssh, I don't think modern distros, unix included, ship with telnet and naked rsh enabled anymore, do they? > but you > turn off PasswordAuthentication and authenticate instead with a > keypair, where the private key is encrypted with a different > passphrase than then one that is hashed in the remote system's > /etc/shadow. > > I find it quite funny that so many people grouse (I'm speaking > generally here, not trying to infer that you have anything against > this) about turning off PasswordAuthentication when in reality, PKA is > far easier to use and is far more secure once it's set up Once it's set up it's the best of both worlds - secure and convenient. I hadn't though about going one step further and disabling password auths via ssh. I like the idea though - any system I'd need to possibly to get on under "desparate circumstances" where ssh isn't viable, I can do it on the console. Thanks for sharing! -Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20120430/09835ab0/attachment.html>