Tom Kern from DOE called me with a good solution, using pubkeys and in the sshd_conf file, set PermitRootLogin to without-password. Did a google search on " PermitRootLogin without-password" and got allot of hits, trying to set up a test right now (phone keeps ringing with other peoples problem;-0). But this is looking like the best solution. Will update soon, thanks for the suggestions.
Thanks Tom for pointing me in the right direction. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, Inc -----Original Message----- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Romanowski, John (OFT) Sent: Friday, January 16, 2009 1:49 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Security question and using scp Have the same issue here. As workarounds I sometimes use an NFS mount to transfer multiple files, or a VDISK used a thumb drive to copy multiple files from one guest to another on the same VM system > -----Original Message----- > From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of > CHAPLIN, JAMES (CTR) > Sent: Friday, January 16, 2009 11:20 AM > To: LINUX-390@VM.MARIST.EDU > Subject: Security question and using scp > > We have a security requirement (which is common with Linux) to prevent > ssh login for root (setting PermitRootLogin to no). One problem we > find, as system administrators, we like to use secure copy (remote file > copy program, scp) files between systems. However this will not work > for > any root level files, since scp uses ssh to copy files over a network. > Does anyone have a suggested solution or better way around this issue? > > > > James Chaplin > > Systems Programmer, MVS, zVM & zLinux > > Base Technologies, Inc > > Supporting the zSeries Platform Team > Data Center Operations Branch > > Enterprise Data Center Operations Group > Enterprise Data Management & Engineering Division > > Office of Information and Technology > > Department of Homeland Security/U.S. Customs & Border Protection > > (703) 921-6220 > > james.chap...@cbp.dhs.gov > > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 > or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
