Laurie Brown wrote:
Chris G wrote:
(Assuming root isn't allowed to ssh and you're worried about attacks that way)
We overcome that in 2 ways:
These settings have been debated a few times at the co-op. As a result, we have different servers with different settings. Workers have identified problems with both of these ways:
- we don't allow root to SSH
Now I agree with that, but I think tramp (for Emacs) is the only pseudo-filesystem that allows elegant editing of root files through sudo with its "multi-hop methods". So, there is pressure from Vi users to allow root sftp at least on loopback.
- We only permit key-pair SSH login
I think the weaknesses in this one are:
a) ssh clients on mobile devices, some of which need the key to be generated on one host and then converted and sent to the mobile device. (putty on s60, for example)
b) inability of the server to detect if the key has a passphrase. If it doesn't, then isn't it no better in theory than a password login?
Has anyone smarter than me got solutions for any of those?
Thanks,