Secure remote shell
Girish Venkatachalam
girishvenkatachalam at gmail.com
Wed Nov 28 21:18:21 PST 2007
On 11:28:24 Nov 29, Olivier Nicole wrote:
> Hi,
>
> Part of (un)registerings users on my system consists in connecting to
> various servers to add the user account to some services:
>
> Registering users is done wia a web page, and the web server will
> remote execute a script on the mail server to add the users in the
> aliases and run newaliases, remote execute a script to the radius
> server to add the user in the radius tables and restart radius, etc.
>
> Of course all the remote execution should be done as root :(
>
No. Use sudo(8)
And tighten it up. Giving remote users root access should never ever be
done.
Typically each user should run a suid script or something.
> So far, one specific user from the web server can rsh -l root to the
rsh? Are you living in a cave? :)
ssh(8) was released several years ago.
rsh is horribly insecure and broken whereas ssh(8) has an excellent
security track record.
-Girish
More information about the freebsd-questions
mailing list