On Sat, Oct 10, 2015 at 10:19 PM, A O Doll <[email protected]> wrote:

> I'd really like to see a method of automating some of our tasks. Is there
> a reliable method of interacting with SSH? We currently use Putty.
>

If you use PuTTY, make sure you get to know its friends plink, pscp and
psftp.  All are provided with the PuTTY install materials (either the .ZIP
file or the installer, depending on which you chose).  plink, pscp and
psftp are command line tools and can be launched from CMD.exe or PowerShell.

There are other SSH implementations, too.  Cygwin is popular, but basically
brings in a whole Unix environment that you may find alien.  There is also
Git Bash; also more like Unix, but a lighter footprint than Cygwin (but not
as light as PuTTY).

Use SSH key authentication, but have a framework for managing keys.
Unmanaged keys can leave your environment basically unsecured.  Have a
strategy for how many keys each person has, and who is allowed to add them
to a particular server.  Enforce that, ideally with some automation.

Also, you may find it helpful to plug your Linux servers into your Active
Directory domain using something like Centrify.  Having multiple identity
repositories can lead to all kinds of issues (including audit issues, if
anyone is watching over your environment).

In general, avoid the use of su, as it requires sharing the root password.
Either automate that stuff using a configuration management tool such as
Puppet, Chef or Ansible, or, at least, use sudo.  (There are some who say
there are security issues with sudo, however I've never had success finding
current examples.  That's not to say that sudo is perfect.  There are other
tools, typically for other environments like Solaris RBAC, that may improve
on the problem space.  However, in general, if you were starting with su,
sudo is a security upgrade.  Read Michael W Lucas' Sudo Mastery.  For that
matter, read Michael W Lucas' SSH Mastery and keep in mind that you
generally substitute the "plink" command for the "ssh" command.)

It sounds like you may benefit from a copy of The Linux System
Administration Handbook.  At the very least, make sure you actually take a
pass through the administrative guide for the Linux flavors you use.  Red
Hat, for example, actually has very good documentation that explains
some of the underlying choices for the implementation, as well as how to do
many tasks.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
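
Added example, not part of the original message: one way to automate the key policy described above (a limit on keys per person and an approved list per account) by auditing authorized_keys content. The names `audit`, `APPROVED` and `sample_blob`, the limit of two keys, and the sample file are assumptions constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-")

def fingerprint(b64_blob):
    """SHA256 fingerprint in the format OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return [(fingerprint, has_options, comment)], one entry per key line."""
    keys = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type (simplification: tokens inside quoted options are not handled).
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), len(fields))
        try:
            keys.append((fingerprint(fields[idx + 1]), idx > 0, " ".join(fields[idx + 2:])))
        except (IndexError, ValueError):  # no key type, no blob, or bad base64
            keys.append((None, False, line))
    return keys

def audit(user, text, approved, max_keys=2):
    """Check one account's authorized_keys against the approved fingerprints."""
    findings, keys = [], parse_authorized_keys(text)
    for fp, _has_options, detail in keys:
        if fp is None:
            findings.append((user, "unparseable", detail))
        elif fp not in approved.get(user, set()):
            findings.append((user, "unapproved", fp))
    if len(keys) > max_keys:  # max_keys is an assumed policy value
        findings.append((user, "too-many-keys", str(len(keys))))
    return findings

def sample_blob(label):  # constructed stand-in for a public key blob, not a real key
    return base64.b64encode(label.encode()).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-ed25519 " + sample_blob("alice-laptop") + " alice@laptop",
    'from="10.0.0.5" ssh-rsa ' + sample_blob("alice-batch") + " alice@batch",
    "ssh-ed25519 " + sample_blob("unknown") + " leftover",
])
APPROVED = {"alice": {fingerprint(sample_blob(n)) for n in ("alice-laptop", "alice-batch")}}
if __name__ == "__main__":
    for finding in audit("alice", SAMPLE, APPROVED):
        print(*finding)
```

In practice the text would be collected from each server (for example with plink or a configuration management tool) and the approved set kept under change control.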
