[PLUG] Best Practice for a Non-Best Practice task....
Tim
tim-pdxlug at sentinelchicken.org
Sat May 10 21:08:55 UTC 2008
> But is there a way to require root (an only root) to require ssh key
> exchange and not allow remote password login?
Terry might have a better solution for you there, but I've done this
before for non-root users for system accounts and such. You can simply
lock the user's password hash, disabling all password login for that
user with:
# password -l <USER>
However, ssh key logins should still work fine. Of course for root that
means you can't su anymore, but you should be using sudo anyway, right?
Of course this solution may not work if you're using LDAP or something
as a backend (but who does that for root users anyway?).
HTH,
tim
More information about the PLUG
mailing list