[scponly] scponly for root user

wbr oblyr joe at sublimation.org
Fri Sep 16 12:47:51 EDT 2011


I want to stress that the problem here isn't that "allowing root login
is insecure" - the problem is that changing the root shell to a
non-interactive shell may have adverse effects on the health your
system.  There are a few areas where the system may use the root shell
in unexpected ways, such as booting single user mode in the event of
disaster recovery, or maybe processing crontab entries for example.
Testing these various concerns will vary from system to system as
scponly runs across many types of UNIX, I'd be wary of accepting
someone else's testimony of whether any given subsystem was ok with
this change or not.

Of course, it's up to you, I'm just volunteering an opinion.

joe

On Fri, Sep 16, 2011 at 9:29 AM, Johan Heikkilä
<johan.heikkila at gmail.com> wrote:
> 2011/9/15 Sam Chin <smch1 at hotmail.com>:
>> Can i use scponly for root user? I do NOT permit root remotely login but
>> would like root to be able to scp/sftp. I have installed scponly and changed
>> the root shell to scponly shell. A super user with root privileges login
>> into the system was not able to sudo to root.
>
> Hi Sam,
>
> configure your ssh server to allow remote root login with an ssh
> pre-shared key. This is quite secure.
>
> Regards,
> Johan
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>



More information about the scponly mailing list