[TriLUG] Shared user account best practices

Shawn Hood shawnlhood at gmail.com
Thu Jul 10 12:43:45 EDT 2008


Doh!  Yes, I failed to mention that we will be using pre-shared keys.
I guess I should be more clear:  Are there other practices that are
preferred for such tasks?  Should I be approaching this problem from
another angle that will improve security and accountability?

Shawn

On Thu, Jul 10, 2008 at 12:31 PM, Warren Myers <volcimaster at gmail.com> wrote:
> Can you use a pre-shared ssh key, and lock down the user on the remote box
> (either directly, or using ldap/nis/whatever) so it can only do the tasks
> you allow?
>
> WMM
>
> On Thu, Jul 10, 2008 at 12:22 PM, Shawn Hood <shawnlhood at gmail.com> wrote:
>
>> All,
>>
>> Shared user account best practices?  Seemingly a misnomer.  :)
>>
>> At any rate, I was hoping to get some guidance on the following issue.
>>  My organization needs user accounts to be used by scripts for
>> automated tasks (e.g. deploying an application build to a server,
>> logging in to check certain aspects of a system).  I've seen
>> configurations where certain users are only allowed to execute a
>> certain set of commands via SSH instead of actually getting a shell.
>> This seems like a step in the right direction.  Any other ideas?
>>
>>
>> --
>> Shawn Hood
>> 910.670.1819 m
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
>
>
>
> --
>
> Warren Myers
> http://warrenmyers.com
>



-- 
--
Shawn Hood
910.670.1819 m
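
An added example (not part of the original thread): a forced-command wrapper for the approach discussed above, where the script account's pre-shared key can run only an allowlisted set of commands and never gets a shell, and every request is logged for accountability. The script name deploy-gate.sh, the install-build helper, the two actions and the key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed). authorized_keys entry for the script account;
# the key material and paths are placeholders:
#   command="/usr/local/bin/deploy-gate.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder deploy@buildhost
# sshd runs the forced command instead of what the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

# Map a requested command line to an allowlisted action.
# Prints the action and returns 0; returns 1 for anything else.
classify_request() {
    verb=${1%% *}                          # text before the first space
    arg=
    case $1 in *" "*) arg=${1#* } ;; esac  # everything after the first space
    case $verb in
        status)
            [ -z "$arg" ] || return 1      # status takes no argument
            echo status ;;
        deploy)
            case $arg in
                # exactly one plain file name: no spaces, slashes, quotes,
                # shell metacharacters, leading dot or leading dash
                ""|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
            esac
            echo "deploy:$arg" ;;
        *) return 1 ;;
    esac
}

main() {
    peer=${SSH_CONNECTION%% *}             # client address, set by sshd
    action=$(classify_request "${SSH_ORIGINAL_COMMAND:-}") || {
        logger -t deploy-gate "DENY user=${LOGNAME:-?} from=$peer cmd=${SSH_ORIGINAL_COMMAND:-<none>}"
        echo "command not permitted" >&2
        exit 1
    }
    logger -t deploy-gate "ALLOW user=${LOGNAME:-?} from=$peer action=$action"
    case $action in
        status)   exec uptime ;;
        # install-build is a hypothetical site-specific installer
        deploy:*) exec /usr/local/bin/install-build "${action#deploy:}" ;;
    esac
}

# Run only when installed under the assumed name, so the file can be sourced.
if [ "${0##*/}" = "deploy-gate.sh" ]; then main; fi
```

Giving each script or host its own key and its own authorized_keys line keeps the log entries attributable even though the account is shared.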


