From owner-freebsd-questions@FreeBSD.ORG Tue Apr 13 13:57:26 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FDE916A4CE for ; Tue, 13 Apr 2004 13:57:26 -0700 (PDT) Received: from mail.elvandar.org (cust.94.120.adsl.cistron.nl [195.64.94.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DABD43D45 for ; Tue, 13 Apr 2004 13:57:23 -0700 (PDT) (envelope-from remko@elvandar.org) Message-ID: <407C5430.2090002@elvandar.org> Date: Tue, 13 Apr 2004 22:57:20 +0200 From: Remko Lodder X-Accept-Language: en-us, en MIME-Version: 1.0 To: scuba@centroin.com.br References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at elvandar.org cc: freebsd-questions@freebsd.org Subject: Re: ssh root denied X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 20:57:26 -0000 > > But, what should be te correct approach when you want to copy > root's files and/or remote execute programs as root with scripts using > scp/ssh and key authentication? > Like: > > scp master.passwd host2:/etc/ > or > ssh host2 'pwd_mkdb -p /etc/master.passwd' > Tar them, chown the user logtransfer, use logtransfer user to transer files. never ever use root for that it's highly insecure ( imho even with key auth ). "remote execute programs" why? cant you locally run them and fetch them with a dedicated lowerlevel account? Root is almighty, use it with precaution, locally , or with su -,sudo. Use it remote, get whacked, everything breaks, too bad. My approach in a "hard" way :-) Cheers > > - Marcelo > -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl A Dutch community for helping newcomers on the hackerscene