![]() Pam_ssh_agent_auth requires ssh-agent forwarding in order to work over ssh. Is there some security caveat I'm missing why this is not more widely sudo has some advantages with its fine-grained control, but to rely on its logging capabilities, you would need to set up remote logging, as otherwise people with root access can falsify past logs. For servers however, most tasks will already require sudo, so both points get weak. The purpose of sudo is to give accounts that are logged in some separation between untrusted applications and admin-like tasks, and make users aware they are changing the system (and have to watch out). If people log in, and they have root access (through some mechanism), they usually do maintaining tasks, where they will use sudo for >90% of the time. In my opinion, sudo for server admins is a bit overkill.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |