[rsbac] ssh rc-role

tazok tazok.id0 at gmail.com
Thu Aug 24 19:09:50 CEST 2006

2006/8/24, Amon Ott <ao at rsbac.org>:
> If you use passwords for ssh connection, e.g. also use RSBAC User
> Management and only allow setuid to authenticated uids.

> If you are sure you will never need to administrate through ssh, you
> can run sshd in a jail.

> In a more detailed setup, your secoff uid is never available with ssh,
> only other users with limited admin rights. The RC separation of duty
> scheme with administrated roles and special access rights etc. allows
> to split the admin tasks a lot.
> Amon.

This sound interesting. I will not use the access to the secoff
account by the sshd daemon, but I will control the access to it for
the login program by the um way.

Thank you very much Amon for your explanations and for your
suggestions, they will be very useful to me.

More information about the rsbac mailing list