Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?

[Mike Kazantsev <mike_kazantsev@fraggod.net>]

[-- Attachment #1: Type: text/plain, Size: 1406 bytes --]

On Tue, 24 Feb 2009 09:02:42 -0800
Michael Higgins <linux@evolone.org> wrote:

> I can't figure this one out. 
> 
> Have disallowed root login, public key auth.
> 
> Have a bunch of random renaming to do on that machine though, so
> would like to point and click for a change.
> 
> Is this possible? No GUI libs on the remote machine...
> 
> I was thinking sshfs, but since I can't login directly as root, is
> there some other way?

I can see several solutions, as well:

1. Restrict root auth to public key and bind public key to your IP
only ( 'from="<IP>" ssh-dss ...' in authorized_hosts, or tcp wrappers ).

2. Create login like 'somerandomuser' (you can actually use a hash
here, if you're security-crazed) and disallow root auth from pam, not
sshd.

3. Since it sounds like you have no need to do it repeatedly, why not
open root and do the stuff? Provided you don't have '123' as password.


While I think security is overally a good thing, making some aspects of
it a pain in the ass is what I just can't understand in people: it may
take ages to pick the root password (provided you have right anti-brute
daemon installed), but they will make their lives miserable over
it, while leaving the same passwords typed in the terminals and written
on paper scraps lying on the desk, not to mention a lot of more obvious
things.

-- 
Mike Kazantsev // fraggod.net

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]