- Join Date
- Aug 2011
Centralized Linux Root Password administration
I am trying to investigate options for Admin access to hundreds of Linux and other UNIX systems.
The desire is to adhere to a password policy that says all admin passwords must meet a certain password strength, and also be changed every xx days.
Would anyone have suggestions on the best approach to achieve this?
Do not want admins to have to manually update their Sudo / Root accounts on hundreds of servers.
Would also like the ability to centrally control the level of admin access on the servers as well.
Greatly appreciate any thoughts or suggestions on how to best go about this, whether it be open source or commercial products or ideas on ways to script things.
Thanks a ton
- Join Date
- Sep 2011
First, disable password authentication for root (or set each root user to a different random password that is 30+ random characters long. Never write down a password. This is a reasonable way to effectively disable the root account).
Then, configure sshd to allow a root login with key authentication only. Then your administrators can be configured with their own private keys and access to the system can be added or revoked by modifying the authorized_keys file.
Since they are using a private key to authenticate, you never need to worry about a man in the middle problem so long as you're using SSH version 2, which is default on almost all distributions at this point.
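One way to script the add/revoke step described in the reply above, as an added example that is not part of the original thread: it rebuilds root's authorized_keys from a central roster and reports which admins were added and which keys were revoked. The roster format, the function names and the sample keys are assumptions made for illustration.

```python
# Added example: reconcile root's authorized_keys against a central roster.
# The roster is the source of truth; options on existing lines are not kept.
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-",
             "sk-ssh-ed25519@", "sk-ecdsa-sha2-")

def key_identity(line):
    """Return (key type, base64 blob) for an authorized_keys line, or None.

    Leading options and the trailing comment are ignored, so a relabelled
    key still matches. Limitation: quoted options that contain spaces and
    a key-type word are not handled by this whitespace split.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            return field, fields[i + 1]
    return None

def reconcile(current_text, roster):
    """roster maps admin name -> public key line.
    Returns (new file text, names added, existing lines revoked)."""
    if not roster:
        # An empty file would lock every admin out of a key-only root login.
        raise ValueError("refusing to write an empty authorized_keys")
    wanted = {}
    for name, pub in roster.items():
        ident = key_identity(pub)
        if ident is None:
            raise ValueError(f"roster entry for {name!r} is not a public key")
        wanted[ident] = name
    present = {}
    for line in current_text.splitlines():
        ident = key_identity(line)
        if ident is not None:
            present[ident] = line.strip()
    added = sorted(n for i, n in wanted.items() if i not in present)
    revoked = sorted(l for i, l in present.items() if i not in wanted)
    ordered = sorted(wanted.items(), key=lambda kv: kv[1])
    body = "\n".join(f"{t} {b} {name}" for (t, b), name in ordered)
    return body + "\n", added, revoked

# Constructed sample data: the key blobs are placeholders, not real keys.
ROSTER = {"alice": "ssh-ed25519 AAAAC3ExampleAliceKey alice@laptop",
          "bob": "ssh-ed25519 AAAAC3ExampleBobKey bob@workstation"}
CURRENT = ('# root keys\n'
           'from="10.0.0.0/8" ssh-ed25519 AAAAC3ExampleAliceKey old-label\n'
           'ssh-rsa AAAAB3ExampleCarolKey carol@departed\n')

if __name__ == "__main__":
    print(reconcile(CURRENT, ROSTER))
```

Logging the revoked lines on each run gives a record of when a departed admin's key left each server.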