  1. #1
    Just Joined!
    Join Date
    Aug 2011
    Posts
    1

    Centralized Linux Root Password administration


    I hope this is posted in the right area!

    I am trying to investigate options for Admin access to hundreds of Linux and other UNIX systems.

    The desire is to adhere to a password policy that says all admin passwords must meet a certain password strength, and also be changed every xx days.

    Would anyone have suggestions on the best approach to achieve this?

    Do not want admins to have to manually update their Sudo / Root accounts on hundreds of servers.

    Would also like the ability to centrally control the level of admin access on the servers as well.

    Greatly appreciate any thoughts or suggestions on how to best go about this. Whether it be open source or commercial products or ideas on ways to script things.

    Thanks a ton

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    There are several ways to do this.
    The best would be John the Ripper (IMHO)
    New Users, please read this..
    Google first, then ask..

  3. #3
    Just Joined!
    Join Date
    Sep 2011
    Posts
    19
    First, disable password authentication for root (or set each root user to a different random password that is 30+ random characters long. Never write down a password. This is a reasonable way to effectively disable the root account).

    Then, configure sshd to allow a root login with key authentication only. Then your administrators can be configured with their own private keys and access to the system can be added or revoked by modifying the authorized_keys file.

    Since they are using a private key to authenticate, you never need to worry about a man in the middle problem so long as you're using SSH version 2, which is the default on almost all distributions at this point.

    --Eric
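
A check for the key-only root login that post #3 describes, as an added example that is not part of the thread: it reads the global section of an sshd_config and fails unless root password login is explicitly disabled and public key authentication is on. The function names `sshd_global` and `check_root_key_only` and the sample config are constructed for illustration; Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). sshd uses the FIRST value it reads for
# each keyword, so a later weaker line does not override an earlier one.

# Print the global value of keyword $1 in file $2, or $3 if it is not set.
sshd_global() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/=/, " ") }                       # accept "Keyword=value" form
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at first Match
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$2"
}

# Return 0 if root login is key-only, 1 otherwise; prints the reason.
check_root_key_only() {
    # Require an explicit PermitRootLogin: the built-in default differs
    # between OpenSSH releases, so "unset" is reported as a failure.
    prl=$(sshd_global PermitRootLogin "$1" unset)
    pka=$(sshd_global PubkeyAuthentication "$1" yes)
    case "$prl" in
        prohibit-password|without-password) ;;  # without-password: older alias
        *) echo "FAIL: PermitRootLogin=$prl"; return 1 ;;
    esac
    [ "$pka" = yes ] || { echo "FAIL: PubkeyAuthentication=$pka"; return 1; }
    echo "OK: root login is key-only"
}

# Constructed sample config: the weak line comes second, so it is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host
PermitRootLogin without-password
PubkeyAuthentication yes
PermitRootLogin yes
EOF
check_root_key_only "$sample"
rm -f "$sample"
```

Run across the fleet from whatever tool already pushes the authorized_keys files, so a host that drifts back to password login for root is caught.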
