Auditors want more security with root to root access via ssh keys

Discussion in 'Server Security' started by dvbell, Jul 11, 2013.

  1. dvbell

    dvbell New Member

    I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is set up in the following manner:

    1) Remote root access is turned off in the sshd_config file.
    2) I am the only user of this admin server.
    3) My user account is not allowed sudo access, so I must use su and know the root password.
    4) ssh keys are set up to the remote servers' root accounts.

    What I need, in order to satisfy the auditors, is a password being required when I use ssh. However, the ssh passphrase will not work since it will require a login password at each server. I need something that will require a password once, so I can do a script to hit all servers without having to enter a password at each server the script hits.

    Any ideas? Thanks in advance.
  2. Rob

    Rob Administrator Staff Member

    You can set up a password for your ssh key - most breeze by it during ssh-keygen. It would require putting your key on all those servers again, however, since it would re-create it.
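
One way to get the single prompt the question asks for with a passphrase-protected key: unlock the key once in ssh-agent, then let the script reuse it for every server. This is an added example, not code from either poster; the key path, the hosts file format, the function names and the `SSH_BIN` override are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: KEY path, a hosts file with one
# host per line ('#' starts a comment), SSH_BIN override for dry runs.
# An existing key can be given a passphrase in place with: ssh-keygen -p -f "$KEY"
KEY="${KEY:-$HOME/.ssh/id_ed25519}"   # passphrase-protected private key
SSH_BIN="${SSH_BIN:-ssh}"
FLEET_FAILED=0

# Start a private agent and unlock the key: the only passphrase prompt.
# -t 3600 makes the agent forget the decrypted key after one hour.
unlock_key_once() {
    eval "$(ssh-agent -s)" >/dev/null || return 1
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT   # stop the agent when the script ends
    ssh-add -t 3600 "$KEY"
}

# Print usable host names from a file, skipping blank lines and comments.
read_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# Run one command as root on every host. BatchMode=yes makes ssh fail rather
# than prompt, so a host that would ask for a password is reported, not hung.
# -n keeps ssh from swallowing the host list on stdin.
# Sets FLEET_FAILED to the number of failed hosts; returns 0 only if none failed.
run_fleet() {
    fleet_hosts=$(read_hosts "$1")
    FLEET_FAILED=0
    while read -r fleet_host; do
        [ -n "$fleet_host" ] || continue
        if "$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=10 \
               "root@$fleet_host" "$2"; then
            echo "OK   $fleet_host"
        else
            echo "FAIL $fleet_host"
            FLEET_FAILED=$((FLEET_FAILED + 1))
        fi
    done <<EOF
$fleet_hosts
EOF
    [ "$FLEET_FAILED" -eq 0 ]
}

# Typical use: unlock_key_once && run_fleet hosts.txt 'uname -r'
```

The decrypted key lives only in the agent's memory for the lifetime set with `-t`, and the agent is killed when the script exits.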
