[Dirvish] ssh as root going away
Paul Slootman
paul at debian.org
Tue Sep 19 02:12:35 UTC 2006
On Mon 18 Sep 2006, Ken Dyke wrote:
>
> Looking for solutions others may come up with before inventing my own.
>
> Sar-Ox auditors have finally gotten around to "no root login via ssh" to
> their list of checkboxes. So, I need a way to run dirvish that does not
> involve ssh as the root user.
A possibility may be to run rsync as a daemon? But that probably won't
be accepted either... (although it's unlikely they have a checkbox for
that :-)
Take a look at http://www.hackinglinuxexposed.com/articles/20030115.html
for usage of authprogs to limit what commands may be run with ssh;
depending on how smart those auditors are you may be able to convince
them that that is a safe way of using ssh as root for rsync. Otherwise
you probably need to connect as some other user and use sudo (without
password) to run rsync; there was some discussion on this topic over on
the rsync mailing list this month.
Paul Slootman
More information about the Dirvish
mailing list