[SAC] Proposal: Keys for SSH logins

Alex Mandel tech_dev at wildintellect.com
Mon Oct 3 16:50:11 EDT 2011


For security reasons it's been suggested we move all of our system
logins to use SSH keys. Does anyone have any good solutions to make this
feasible without having to copy keys to individual accounts on multiple
machines?

Ideally it would be great to disable password based logins to help deter
sniffing and breaking. It would also make things more difficult once
someone was in as the password would not be known for sudo if they broke
in via key (technically possible but difficult).

Note: LDAP will still be used to enforce which accounts can login to
which machines, and your LDAP password will still work on https based
website logins.

For those who like to be pro-active, feel free to use ssh keys with your
current logins.

ssh-copy-id user at nameofmachine will copy your key over.

Thanks,
Alex


More information about the Sac mailing list