On Sun, Jan 14, 2007 at 02:36:10PM +0100, Adrian von Bidder wrote:
> I have users a, b, c, d, e.  All users except e can have shell access, but 
> because shell access is powerful, must not be able to log in with 
> password, but only with public key.  

If you don't trust your users to keep their passwords secure, why do you
trust them to keep their secret keys secure?


> User e is allowed to log in with 
> password and is restricted by rssh to only use scp, sftp or rsync so that 
> even if that password is stolen/guessed, the attacker can at most deface 
> the hosted web site in e's directory.

Public keys can be stolen too. If you consider this a risk, you should
stick with rssh or improve the user isolation on the server
(SELinux/RSBAC/AppArmor and rsh/jails/containers/...).

If possible, a simple method to gain some protection against guessed 
passwords is to restrict access to some known clients.

One final question: Why can't e use public key auth?



Michel
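An added example of the policy being discussed, not part of Adrian's setup or Michel's reply: an OpenSSH sshd_config fragment that makes users a-d key-only, lets e use a password only from a known client range, and leaves e's command restriction to rssh as the login shell exactly as in the original setup. It assumes OpenSSH 4.4 or later (Match blocks) and uses 192.0.2.0/24 as a placeholder for the "known clients"; both are assumptions, since the thread names no versions or addresses.

```sshd_config
# Added example (not from the thread): per-user authentication policy
# for OpenSSH sshd_config using Match blocks (OpenSSH 4.4 or later).
# Assumptions: a, b, c, d are the shell users; e is the rssh-restricted
# user; 192.0.2.0/24 is a placeholder for the trusted client range.

# Global defaults: public key only, no password or keyboard-interactive
# logins for anyone. This covers the shell users a-d.
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no

# Only these accounts may authenticate at all. e's login shell stays
# rssh (configured in /etc/passwd), which is what limits e to
# scp, sftp and rsync; sshd_config only decides how e authenticates.
AllowUsers a b c d e

# Match blocks must be the last thing in the file. Criteria on one
# Match line are ANDed, and directives inside override the global
# value only for sessions that match.

# e may use a password, but only when connecting from the known
# client range. From any other address the session falls through to
# the global key-only policy, so a guessed or stolen password is
# useless unless the attacker also controls a trusted client address.
Match User e Address 192.0.2.0/24
    PasswordAuthentication yes
```

The same client restriction can be applied to the key holders by prefixing their authorized_keys entries with the `from="192.0.2.0/24"` option, which addresses Michel's point that keys can be stolen as well. On newer OpenSSH releases, `sshd -T -C user=e,addr=192.0.2.10,host=client.example` prints the effective configuration for a hypothetical connection, which is the quickest way to confirm that e gets `passwordauthentication yes` from the trusted range and `no` from anywhere else before restarting the daemon.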
