restrict remote logins to service accounts.

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

restrict remote logins to service accounts.

restrict remote logins to service accounts.

2006-01-17 - By David.Knight@(protected)

Back

Reply: 1 2 3 4 5 6 7 8 9 10 >>

Well we are working towards using key based authentication however there
is allot of custom code that we are having to port from Unix/rlogin to
Linux/scp. Not quite there yet.
Thanks!
-David Knight

"Mark Waterhouse" <mark@(protected)>
Sent by: taroon-list-bounces@(protected)
01/17/2006 09:59 AM
Please respond to "Discussion of Red Hat Enterprise Linux 3 (Taroon)"

To: "Discussion of Red Hat Enterprise Linux 3 (Taroon)"
<taroon-list@(protected)>
cc:
Subject: Re: restrict remote logins to service accounts.

Have you considered using ssh keys. If you stop people from using
PasswordAuthentication and utilise ssh keys, you could then ensure that
your service accounts are used from cron etc; unless of course your admin
had local root access and decided to authenticate via the crontabs key :-/

Mark
-- -- Original Message -- --
From: David.Knight@(protected)
To: taroon-list@(protected)
Sent: Tuesday, January 17, 2006 3:35 PM
Subject: restrict remote logins to service accounts.

All,
I have an issue with Admins/DBA's logging into my servers directly as
service accounts such as user 'oracle'. I have had a hard time getting
people to adopt the use of sudo. I am at the point where I need to
restrict direct logins to these accounts. My goal is to force people to
sudo to the service accounts from there assigned user account. I only
allow ssh/scp connections to my servers. I have tried the sshd.config
option "AllowUsers" but this also restricts scp logins. I can;t restrict
this for automated processes run under the service accounts use scp. So
the only thing I need to restrict is direct remote "ssh" logins.
Any suggestions would be great.

-David Knight

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list

<ul>
<li>Well we are working towards using key
based authentication however there is allot of custom code that we are
having to port from Unix/rlogin to Linux/scp. Not quite there yet.
 Thanks!
 -David Knight
 
 
 
<table width=100%>
<tr valign=top>
<td>
<td>"Mark Waterhouse" <mark@(protected)
-systems.com>
 Sent by: taroon-list-bounces@(protected)
01/17/2006 09:59 AM
 Please respond to "Discussion of
Red Hat Enterprise Linux 3 (Taroon)"
<td>        
         To:
       "Discussion of Red Hat Enterprise
Linux 3 (Taroon)" <taroon-list@(protected)>
         cc:
       
         Subject:
       Re: restrict remote logins to service
accounts.</table>
 
 
 Have you considered using ssh keys. If you
stop people from using PasswordAuthentication and utilise ssh keys, you
could then ensure that your service accounts are used from cron etc; unless
of course your admin had local root access and decided to authenticate
via the crontabs key :-/
  
 Mark
 -- -- Original Message -- -- 
 From: <a href=mailto:David.Knight@(protected)>
David.Knight@(protected)</a>

 To: <a href="mailto:taroon-list@(protected)">
taroon-list@(protected)</a>

 Sent: Tuesday, January 17, 2006 3:35 PM
 Subject: restrict remote logins to service accounts.
 
 
All, 
I have an issue with Admins/DBA's logging into my servers directly as service
accounts such as user 'oracle'. I have had a hard time getting people to
adopt the use of sudo. I am at the point where I need to restrict direct
logins to these accounts. My goal is to force people to sudo to the service
accounts from there assigned user account. I only allow ssh/scp connections
to my servers. I have tried the sshd.config option "AllowUsers"
but this also restricts scp logins. I can;t restrict this for automated
processes run under the service accounts use scp. So the only thing I need
to restrict is direct remote "ssh" logins.
 
Any suggestions would be great. 
 
-David Knight 

<hr>
-- 
Taroon-list mailing list 
Taroon-list@(protected) 
https://www.redhat.com/mailman/listinfo/taroon-list<tt>--
 
Taroon-list mailing list 
Taroon-list@(protected) 
https://www.redhat.com/mailman/listinfo/taroon-list</tt>
</ul>
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list