On Mon, 30 Apr 2012, Erik Anderson wrote: > On Mon, Apr 30, 2012 at 1:51 AM, Mike Miller <mbmiller+l at gmail.com> wrote: > >> I also like the sudo idea, but I see one shortcoming -- most people use >> their own password to gain root permissions via sudo, but that means if >> someone gets their password, they can access not just their data, but >> they can completely own the system. It seems like it would be safer to >> use one password to login and a different password for sudo. I assume >> that can be done, but I haven't done it, and I'm not sure of how to do >> it. > > Well, this applies mostly to connecting to a host via ssh, but you turn > off PasswordAuthentication and authenticate instead with a keypair, > where the private key is encrypted with a different passphrase than then > one that is hashed in the remote system's /etc/shadow. > > I find it quite funny that so many people grouse (I'm speaking generally > here, not trying to infer that you have anything against this) about > turning off PasswordAuthentication when in reality, PKA is far easier to > use and is far more secure once it's set up. Yes, there are a few steps > one has to go through and a few incantations to say to get the keys > generated, get 'em in the right place, and ensure that > ownership/permissions are set correctly, but once that's done, Bob's yer > uncle. I don't fully understand this, but I think it is a valuable idea that I should know more about. It's one of those things that I've been wanting to get into for years but haven't gotten around to, yet. One question: If I have several Linux servers that I regularly log into via ssh, almost always from other Linux servers, if I use PKA to log into these machines, doesn't that mean that if someone manages to get into one machine, he'll be immediately able to get into all of them? And would he also be able to acces enough information to connect again from other locations? I get your idea -- anyone connecting using the keys wouldn't be able to use sudo unless he knew the sudo password. That's good, but can't that also be accomplished by having a sudo password that is different from the user password? (Which is what I was asking about above.) I have a different user password on every machine I log into, and I could easily also have a different sudo password, too. Mike