Quote: Originally Posted by dvbell
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is set up in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin server.
3) My user account is not allowed sudo access, so I must use su and know the root password.
4) ssh keys are set up to the remote servers' root accounts.
So, you have explicitly disabled direct root logins -- then banned the other safe automatic login tool. Do you truly need root?
If you allowed direct root login, you could create an ssh key that has its own password, so you must provide the password to your ssh client to use the key. And you could use ssh-agent to hold the key around temporarily for convenience (or not, to just be asked for the password every time.)
If you allowed sudo instead, you could disable direct root logins and use the same scheme to log in to a non-root account with sudo access. It could be a special account for this purpose and no other, so you could flag it and only it in sudoers. This is what I do.
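
A way to check a host against the second scheme in the reply above (direct root login disabled, one dedicated account named in sudoers), as an added example that is not part of the original post. The account name `opsadmin` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example; the samples below are constructed and "opsadmin" is a hypothetical name.

# Print the global PermitRootLogin value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword; Match blocks are not
# evaluated here, so parsing stops at the first one.
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Print who is granted anything in sudoers text on stdin (first field of each
# rule). Comments, Defaults, aliases and includes are skipped; line
# continuations and "#uid" entries are not handled.
sudo_principals() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^$/ || /^#/ { next }
        $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias|Cmd_Alias)/ { next }
        $1 ~ /^@include/ { next }
        { print $1 }
    ' | sort -u
}

# $1 = sshd_config text, $2 = sudoers text, $3 = dedicated account.
# Succeeds only if root login is "no" and $3 is the sole non-root principal.
audit_scheme() {
    [ "$(printf '%s\n' "$1" | effective_root_login)" = "no" ] || return 1
    others=$(printf '%s\n' "$2" | sudo_principals | awk '$0 != "root"' | tr '\n' ' ')
    [ "$others" = "$3 " ]
}

SSHD_SAMPLE='# constructed sample
PasswordAuthentication no
PermitRootLogin no'

SUDOERS_SAMPLE='# constructed sample
Defaults env_reset
root ALL=(ALL) ALL
opsadmin ALL=(ALL) ALL'

SUDOERS_WIDE="$SUDOERS_SAMPLE
%wheel ALL=(ALL) ALL"
audit_scheme "$SSHD_SAMPLE" "$SUDOERS_SAMPLE" opsadmin && echo "scheme OK"
```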