path: root/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
blob: e0dc1d7f01ce257e4ef81283236a647f93d580b4 (plain)
[[!comment format=mdwn
 username="http://joeyh.name/"
 ip="209.250.56.214"
 subject="comment 1"
 date="2014-04-21T13:31:13Z"
 content="""
Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so; PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.

PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
"""]]
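
The forced-commands-only setup mentioned in the comment above, as an added check that is not part of the original comment or of propellor: it reads an sshd_config and root's authorized_keys and reports root keys that are not pinned to the expected command. The config text, the key lines and the bare `propellor` command string are constructed assumptions, and Match blocks are not evaluated.

```python
# Added example; the sample config and key lines are constructed.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
HARDENED = "PermitRootLogin forced-commands-only\nPasswordAuthentication no\n"
KEYS = ('command="propellor",no-pty ssh-ed25519 AAAA_CONSTRUCTED propellor-key\n'
        "ssh-ed25519 AAAA_CONSTRUCTED admin@laptop\n")

def root_login_mode(sshd_config):
    """Global PermitRootLogin value; sshd uses the first occurrence."""
    for raw in sshd_config.splitlines():
        parts = raw.replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # simplification: Match blocks are not evaluated
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None

def forced_command(key_line):
    """Value of the command="..." option on one authorized_keys line."""
    if key_line.startswith(KEY_PREFIXES):
        return None  # line starts with the key type: no options field
    opts, quoted, prev = [""], False, ""
    for ch in key_line:
        if ch == '"' and prev != "\\":
            quoted = not quoted  # unescaped quote opens or closes a value
        if not quoted and ch in " \t":
            break  # end of the options field
        if not quoted and ch == ",":
            opts.append("")
        else:
            opts[-1] += ch
        prev = ch
    for opt in opts:
        name, _, value = opt.partition("=")
        if name.lower() == "command":
            return value[1:-1].replace('\\"', '"') if value.startswith('"') else value
    return None

def audit(sshd_config, authorized_keys, expected="propellor"):
    """List deviations from 'root may only run the expected command'."""
    mode = root_login_mode(sshd_config)
    findings = [] if mode == "forced-commands-only" else [f"PermitRootLogin is {mode or 'unset'}"]
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cmd = forced_command(line.strip())
        if cmd is None or cmd.split()[:1] != [expected]:
            findings.append(f"key line {n}: forced command is {cmd!r}")
    return findings
```
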