restrict remote logins to service accounts.
2006-01-17 - By Mikhail Kruk
Is just setting shell to /usr/libexec/openssh/sftp-server an option? It worked for me at some point. scp probably won't work, but maybe you can replace scp with sftp in your scripts?
David.Knight@(protected) wrote:
> Well we are working towards using key based authentication however there
> is a lot of custom code that we are having to port from Unix/rlogin to
> Linux/scp. Not quite there yet.
> Thanks!
> -David Knight
>
> "Mark Waterhouse" <mark@(protected)>
> Sent by: taroon-list-bounces@(protected)
> 01/17/2006 09:59 AM
> Please respond to "Discussion of Red Hat Enterprise Linux 3 (Taroon)"
>
> To: "Discussion of Red Hat Enterprise Linux 3 (Taroon)"
> <taroon-list@(protected)>
> cc:
> Subject: Re: restrict remote logins to service accounts.
>
> Have you considered using ssh keys? If you stop people from using
> PasswordAuthentication and utilise ssh keys, you could then ensure that
> your service accounts are used from cron etc; unless of course your admin
> had local root access and decided to authenticate via the crontabs key :-/
>
> Mark
> ----- Original Message -----
> From: David.Knight@(protected)
> To: taroon-list@(protected)
> Sent: Tuesday, January 17, 2006 3:35 PM
> Subject: restrict remote logins to service accounts.
>
> All,
> I have an issue with Admins/DBAs logging into my servers directly as
> service accounts such as user 'oracle'. I have had a hard time getting
> people to adopt the use of sudo. I am at the point where I need to
> restrict direct logins to these accounts. My goal is to force people to
> sudo to the service accounts from their assigned user account. I only
> allow ssh/scp connections to my servers. I have tried the sshd.config
> option "AllowUsers" but this also restricts scp logins. I can't restrict
> this for automated processes run under the service accounts use scp. So
> the only thing I need to restrict is direct remote "ssh" logins.
> Any suggestions would be great.
>
> -David Knight
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list
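
The reply above swaps the service account's login shell for sftp-server, which blocks interactive logins but, as it notes, probably breaks scp. As an added example (not from the thread or from Red Hat), a small wrapper used as the login shell can refuse interactive sessions while still passing through sftp-server and server-side scp; the name `svc-shell` and its install path are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical restricted login shell for a service account,
# installed under the assumed name /usr/local/bin/svc-shell.
# sshd runs the account's shell as `<shell> -c '<command>'` for scp and sftp,
# and with no -c for an interactive login, which is refused here.
# Limitation: paths containing spaces or quotes are not supported.

SFTP_SERVER=/usr/libexec/openssh/sftp-server   # path quoted in the thread

# Return 0 only for the sftp subsystem or a server-side scp transfer.
ssh_command_allowed() {
    case $1 in
        *[\;\&\|\`\$\<\>\(\)]*) return 1 ;;   # refuse shell metacharacters
    esac
    set -f              # split into words without glob expansion
    set -- $1
    set +f
    if [ $# -eq 1 ] && [ "$1" = "$SFTP_SERVER" ]; then
        return 0
    fi
    [ "$1" = scp ] || return 1
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -v|-r|-p|-d) shift ;;        # flags the scp client may add
            -t|-f) shift                 # sink/source mode, then the path
                   case $1 in ''|-[!-]*) return 1 ;; esac
                   return 0 ;;
            *) return 1 ;;               # -S, -o and anything else
        esac
    done
    return 1
}

svc_shell_main() {
    if [ "$1" = -c ] && ssh_command_allowed "$2"; then
        set -f
        set -- $2        # same word split as above; nothing is eval'ed
        exec "$@"
    fi
    echo "Direct logins to this account are disabled; use sudo." >&2
    exit 1
}

# Dispatch only under the assumed install name, so the functions can be
# sourced or tested without triggering the login path.
case ${0##*/} in
    svc-shell) svc_shell_main "$@" ;;
esac
```

`su - oracle` starts the account's login shell and so is refused as well, while `sudo -u oracle <command>` runs the command directly without going through the login shell.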