in reply to Remote Administration

Hi Tilly,

How would you go about setting up trusted users on various machines who can log in w/o passwords?

You can spoof IP, MAC ...?

It sounds very interesting, but more insight would be greatly appreciated.
 

"cRaZy is co01, but sometimes cRaZy is cRaZy".
                                                      - crazyinsomniac

RE: Re: Remote Administration
by BlueLines (Hermit) on Aug 18, 2000 at 04:39 UTC
    Look here for info about setting up passwordless RSA authentication. Or read the ssh manpage.

    Spoofing IP addresses/MAC addresses won't work with this method since it's key based, not host based. If someone had access to your private key, then they could use your account to machines that you already set up a trust relationship with. But the only person besides you who could access that key is root (it won't work unless your keys are set go-rwx). And if you don't trust the admin on your machine, you shouldn't set this up in the first place.

    Also, make sure you are using the legally correct version of SSH. SSH2 is much more restrictive than SSH1, and ssh-1.2.27 is the last version free for all use. Read the license. You may also want to check out OpenSSH which is released under the BSD license.

    BlueLines

    Disclaimer: This post may contain inaccurate information, be habit forming, cause atomic warfare between peaceful countries, speed up male pattern baldness, interfere with your cable reception, exile you from certain third world countries, ruin your marriage, and generally spoil your day. No batteries included, no strings attached, your mileage may vary.
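
The `go-rwx` requirement on key files mentioned in the reply above can be checked mechanically. This is an added example, not part of any post in this thread: a POSIX shell audit of an SSH directory. The function names, the "first line contains PRIVATE KEY" heuristic and the sample directory are assumptions constructed for illustration.

```shell
# Added example: audit an SSH directory for the "go-rwx" rule on key files.

# Print the six group/other characters of a path's mode, e.g. "------" or "r--r--".
go_bits() { ls -ld -- "$1" | cut -c5-10; }

# Heuristic (assumption): a private key's first line contains "PRIVATE KEY".
is_private_key() { head -n 1 < "$1" 2>/dev/null | grep -q 'PRIVATE KEY'; }

# Succeed if a six-character group/other mode string has a write bit set.
go_writable() { case $1 in ?w????|????w?) return 0 ;; esac; return 1; }

# audit_ssh_dir DIR: print one line per finding; return 0 if clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0
    if go_writable "$(go_bits "$dir")"; then
        echo "FAIL $dir: directory is writable by group/other"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(go_bits "$f")
        if is_private_key "$f" && [ "$bits" != "------" ]; then
            echo "FAIL $f: private key has group/other bits ($bits), run: chmod go-rwx"
            bad=1
        elif [ "${f##*/}" = authorized_keys ] && go_writable "$bits"; then
            echo "FAIL $f: authorized_keys is writable by group/other"
            bad=1
        fi
    done
    return "$bad"
}

# Build a constructed sample directory (placeholder key text, not real keys).
make_sample() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED user@host' > "$d/authorized_keys"
    chmod 644 "$d/id_rsa"           # weak: readable by group and other
    chmod 600 "$d/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample" || echo "findings listed above"
chmod go-rwx "$sample/id_rsa"       # apply the fix, then re-audit
audit_ssh_dir "$sample" && echo "OK $sample: clean"
rm -rf "$sample"
```
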
RE (tilly) 2: Remote Administration
by tilly (Archbishop) on Aug 18, 2000 at 04:33 UTC
    I am not sitting at a machine so configured, but glancing at the sshd man page I believe you have to trust RSAAuthentication for version 1 and DSAAuthentication for version 2 to do it.

    This, of course, results in specific users on several machines getting automatic access to others, and means that a root exploit on any machine turns into user accounts on several. OTOH you stop having to have passwords sitting around in scripts, possibly passed in environment variables, and other such mistakes. Pick your poison. Personally I think it is worthwhile but I am no security expert.

    BTW a good tool to use with ssh is rsync. :-)