Same rule here....  (if only some of these vendors (cough ibm/tivoli
cough) would comprehend... ) 
 

1. "scp -p filename non-rootu...@target.system" and then SSH to the
target system, su to root, move the file to the right place and chown it
back to what it should be.

That's what I mainly do -- except I do the copy and then "ssh ma...@host
sudo mv somefile /etc/somefile"


Marcy 


-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Mark Post
Sent: Friday, January 16, 2009 8:33 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] Security question and using scp

>>> On 1/16/2009 at 11:20 AM, "CHAPLIN, JAMES (CTR)"
<james.chap...@associates.dhs.gov> wrote:
> We have a security requirement (which is common with Linux) to prevent
> ssh login for root (setting PermitRootLogin to no).  One problem we
> find, as system administrators, we like to use secure copy (remote
> file copy program, scp) files between systems. However this will not
> work for any root level files, since scp uses ssh to copy files over a
> network.
> Does anyone have a suggested solution or better way around this issue?

While I agree with the principle of no direct root logins, this side
effect bugs me to no end, since I do a lot of scp work.  The only ways
I've found to get around it are to:
1. "scp -p filename non-rootu...@target.system" and then SSH to the
target system, su to root, move the file to the right place and chown it
back to what it should be.
2. Create a tar file with the file in it, scp it as the non-root user,
SSH to the target system, su to root, untar the file in place.
3. Enable SSL FTP, then get and use an SSL FTP client.


Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send
email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit http://www.marist.edu/htbin/wlvindex?LINUX-390
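
The copy-then-sudo workflow discussed in this thread, as an added example that is not code from any poster: a shell function that stages the file as the non-root user and places it with `sudo install`, which sets owner and mode in one step. The function name `push_root_file`, the `SSH`/`SCP` override variables and the argument order are assumptions; it also assumes the login user has sudo rights and that `mktemp` and GNU `install` exist on the target.

```shell
#!/bin/sh
# Added example: place a root-owned file on a host where PermitRootLogin is "no".
# SSH and SCP can be overridden so the function can be exercised without a network.
SSH=${SSH:-ssh}
SCP=${SCP:-scp}

# push_root_file USER@HOST SRC DEST [MODE] [OWNER] [GROUP]   (hypothetical helper)
push_root_file() {
    target=$1 src=$2 dest=$3 mode=${4:-0644} owner=${5:-root} group=${6:-root}

    # DEST, MODE, OWNER and GROUP end up on a remote command line run via sudo,
    # so accept only a conservative character set (no spaces or metacharacters).
    case $dest in
        ''|[!/]*|*[!A-Za-z0-9._/-]*)
            echo "dest must be an absolute path of safe characters" >&2; return 2 ;;
    esac
    case "$mode$owner$group" in
        *[!A-Za-z0-9._-]*) echo "unsafe mode/owner/group" >&2; return 2 ;;
    esac
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # Stage under a name chosen by mktemp on the target instead of a fixed
    # name in /tmp that another local user could create ahead of time.
    stage=$($SSH "$target" mktemp) || return 1
    case $stage in
        ''|[!/]*|*[!A-Za-z0-9._/-]*)
            echo "unexpected mktemp output" >&2; return 1 ;;
    esac

    # Step 1 from the thread: copy as the non-root user.
    $SCP -p "$src" "$target:$stage" || return 1

    # Step 2: one sudo command instead of "su, mv, chown". -t gives sudo a
    # terminal for its password prompt; the staged copy is removed either way.
    $SSH -t "$target" \
        "sudo install -o $owner -g $group -m $mode $stage $dest; rc=\$?; rm -f $stage; exit \$rc"
}

# Usage (constructed host and user names):
#   push_root_file admin@host.example ./somefile /etc/somefile 0644
```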
