[TriLUG] Shared user account best practices
Shawn Hood
shawnlhood at gmail.com
Thu Jul 10 12:43:45 EDT 2008
Doh! Yes, I failed to mention that we will be using pre-shared keys.
I guess I should be more clear: Are there other practices that are
preferred for such tasks? Should I be approaching this problem from
another angle that will improve security and accountability?
Shawn
On Thu, Jul 10, 2008 at 12:31 PM, Warren Myers <volcimaster at gmail.com> wrote:
> Can you use a pre-shared ssh key, and lock down the user on the remote box
> (either directly, or using ldap/nis/whatever) so it can only do the tasks
> you allow?
>
> WMM
>
> On Thu, Jul 10, 2008 at 12:22 PM, Shawn Hood <shawnlhood at gmail.com> wrote:
>
>> All,
>>
>> Shared user account best practices? Seemingly a misnomer. :)
>>
>> At any rate, I was hoping to get some guidance on the following issue.
>> My organization needs user accounts to be used by scripts for
>> automated tasks (e.g. deploying an application build to a server,
>> logging into to check certain aspects of a system). I've seen
>> configurations where certain users are only allowed to execute a
>> certain set of commands via SSH instead of actually getting a shell.
>> This seems like a step in the right direction. Any other ideas?
>>
>>
>> --
>> Shawn Hood
>> 910.670.1819 m
>> --
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
>
>
>
> --
>
> Warren Myers
> http://warrenmyers.com
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
--
--
Shawn Hood
910.670.1819 m
More information about the TriLUG
mailing list