Re: Loging in to mike

[Doug Welch <welch@physics.mcmaster.ca>]

I agree 100% - SSH public keys are the way to go.

Cheers,
Doug

On Mon, 2004-10-18 at 03:34, Geoff O'Callaghan wrote:
> On Sat, 16 Oct 2004 03:55 am, droege@snapmail.us wrote:
> > OK, you all should know that I don't know what I am doing.
> >
> > I just created the login worker with password ysduaup
> 
> Hi Tom,  I'm a little concerned for your system with this level of security.
> Have you considered using disabled for password accounts that can only be
> accessed by validated users ssh keys?
> 
> ie.  You still have the one account called 'worker' - you cannot logon to it
> using a password so someone can try and guess the password till they turn
> blue in the face (eg.  passwd -l worker;passwd -x 99999).   People who you
> want to allow to access the 'worker' account send you their ssh public key
> and you install it into the 'worker' ~/.ssh/authorized_keys2 file
> 
> With that sort of approach you can control who you want to have access to
>  your system, you don't have to worry about changing/distributing passwords
>  and having that password float into the hands of someone undesirable.
> 
> It does depend on everyone being familiar and comfortable using ssh keys
> rather than passwords.
> 
> I can provide more details if required.
> 
> -goc-