ssh and tty and sudoers file.
Brian McKee
brian.mckee at gmail.com
Tue Aug 19 15:56:02 UTC 2008
On Tue, Aug 19, 2008 at 1:22 AM, Knapp <magick.crow at gmail.com> wrote:
> The original idea was that if you get hacked somehow (weak keys comes to
> mind from that programming error) then the hacker is not allowed to use su
> (turned off)or sudo (limited to localhost use only).
>
> You could do what you say but that would make it so that if you needed sudo
> you must sign out of your normal account and sign in as a sysop. Sudo was
> made to avoid that in the first place.
As opposed to signing off and moving to the console to log in locally?
Not sure I see the gain unless it's more of a single user box than a
server, but note my last suggestion
>> lastly I see from a google search that ssh can deny groups as well as users -
>> http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html
>> so why not put all the sudo people in a group and then deny that group thru ssh?
Assuming you only allow access via ssh remotely (and not telnet et
al), then this would do what you are looking for.
Brian
More information about the ubuntu-users
mailing list