On Mon, May 15, 2006 at 02:33:31PM +0200, Krassen Deltchev wrote: > what is better to be used:: > a root authentification to a remote server over ssh or just a user > authentifaction to this very server+ #su root and then authentificate > the root access?
I'd say 'which is better' depends on the context. Whether you are using ssh or not, if you can avoid being root, that's better. Sometimes of course, you must be root. If the set of tasks you are remotely performing via ssh is limited, you might consider using the 'command' option (see the AUTHORIZED_KEYS section of 'man sshd' for details) in your remote host's authorized_keys file to set up a restricted set of operations. For example, on the local machine, you might like to create a special key dedicated to a particular purpose, e.g. ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa_transfer If you wanted to transfer a file from the remote machine that was only readable by root, you might set up the remote machine's authorized_keys file to include something like: command="cat /path/to/afile" <insert ~/.ssh/id_rsa_transfer.pub key here> Now, from the local machine, you can do something like: ssh -i ~/.ssh/id_rsa_tranfer.pub [EMAIL PROTECTED] > /a/local/file Depending on your application, you may want/need to include other options like 'no_pty' in your authorized_keys file (see man page for options). -- Ron Peterson Network & Systems Manager Mount Holyoke College http://www.mtholyoke.edu/~rpeterso -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]