cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added a comment

This commit is contained in:
http://joeyh.name/ 2014-04-21 13:31:13 +00:00 committed by admin
parent 6e724af9f7
commit eb7497fd41
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment Normal file
View File

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.214"
subject="comment 1"
date="2014-04-21T13:31:13Z"
content="""
Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
"""]]