"Scott" == Scott Francis <darkuncle@darkuncle.net> writes:

Scott> You don't _have_ logins directly to 4000 machines. You have
Scott> a central admin host (or five) with user-level
Scott> accounts. Those user-level accounts can 'sudo ssh <target>'
Scott> to accomplish things as root on the remote boxes.

umm... i think you have it backwards. better would be:

the admins have logins on the remote machines, with no local password
and rsa keys disabled. the remote machines trust the admin machines and
do host based authentication. most admins may or may not have root on
the admin machine. admins have normal user accounts on the admin box.
sudo is set up on the remote ones. admin then does 'ssh foobar sudo
blah' to accomplish something as root on the remote boxes without
logging in directly as root. ever. (for a remote root shell,
'ssh -t foobar sudo su -' or similar)

the main difference is it leaves an audit trail of who is doing what
where as root -- with 4000 machines, you are doing remote logging, no?

Scott> All of which can be handled with sudo, without giving away
Scott> the keys to the castle.

>> Sorry to ruffle your dogma.

Scott> Not dogma, just best practice.

since when does best practice entail logging in directly as root over
the network?

-- 
William Waites <ww@styx.org>
Idiosyntactix Research Laboratories
http://www.irl.styx.org
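Added example, not part of either poster's message: the OpenSSH and sudo configuration that the setup William describes actually needs on both sides. The remote hosts accept host-based authentication from the admin hosts only, refuse passwords, public keys and direct root login, and hand out root through sudo, which logs to syslog so the audit trail can be shipped off-box. The host names (admin1/admin2.example.net, *.example.net), the admin group "sysadmin" and the output paths are assumptions chosen for the example; the script writes the files into a scratch directory rather than into /etc, and checks the generated sshd_config the way sshd reads it (first value of each keyword wins).

```shell
#!/bin/sh
# Added example (not from the original thread). Assumptions: admin hosts are
# admin1/admin2.example.net, managed hosts live under .example.net, admins
# are in Unix group "sysadmin". Nothing here touches /etc; pass a directory.
set -eu

ADMIN_HOSTS="${ADMIN_HOSTS:-admin1.example.net admin2.example.net}"
ADMIN_GROUP="${ADMIN_GROUP:-sysadmin}"

# sshd_config for a managed (remote) host: "no local password and rsa keys
# disabled", trust only the admin hosts, never root over the network.
write_remote_sshd_config() {
    cat > "$1" <<'EOF'
# Only host keys listed in /etc/ssh/ssh_known_hosts and names in
# /etc/ssh/shosts.equiv get in; per-user .shosts/.rhosts are ignored.
HostbasedAuthentication yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
# Resolve the connecting address; do not trust the name the client claims.
HostbasedUsesNameFromPacketOnly no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication no
# Root only via sudo on the box, so every root action has a user behind it.
PermitRootLogin no
SyslogFacility AUTHPRIV
LogLevel VERBOSE
EOF
}

# /etc/ssh/shosts.equiv on the remote host: one trusted admin host per line.
write_remote_shosts_equiv() {
    : > "$1"
    for h in $ADMIN_HOSTS; do printf '%s\n' "$h" >> "$1"; done
}

# sudoers on the remote host. 'ssh foobar sudo blah' has no tty, so
# requiretty must be off; the interactive case uses 'ssh -t'.
write_remote_sudoers() {
    cat > "$1" <<EOF
Defaults syslog=authpriv
Defaults log_host, log_year
Defaults !requiretty
%$ADMIN_GROUP ALL=(root) ALL
EOF
}

# /etc/ssh/ssh_config on the admin host. EnableSSHKeysign belongs in the
# global (non-Host) section; the setuid ssh-keysign signs with the host key.
write_admin_ssh_config() {
    cat > "$1" <<'EOF'
EnableSSHKeysign yes

Host *.example.net
    HostbasedAuthentication yes
    PasswordAuthentication no
    PubkeyAuthentication no
EOF
}

# First value for keyword $2 in sshd_config $1 (sshd keeps the first match).
sshd_setting() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# 0 if the sshd_config at $1 leaves host-based auth as the only way in.
verify_remote_sshd_config() {
    [ "$(sshd_setting "$1" HostbasedAuthentication)" = yes ] &&
    [ "$(sshd_setting "$1" IgnoreRhosts)" = yes ] &&
    [ "$(sshd_setting "$1" PasswordAuthentication)" = no ] &&
    [ "$(sshd_setting "$1" PubkeyAuthentication)" = no ] &&
    [ "$(sshd_setting "$1" PermitRootLogin)" = no ]
}

# Write everything under $1/remote and $1/admin, then verify the sshd side.
generate_configs() {
    mkdir -p "$1/remote" "$1/admin"
    write_remote_sshd_config "$1/remote/sshd_config"
    write_remote_shosts_equiv "$1/remote/shosts.equiv"
    write_remote_sudoers "$1/remote/sudoers"
    write_admin_ssh_config "$1/admin/ssh_config"
    verify_remote_sshd_config "$1/remote/sshd_config"
}

# The day-to-day pattern from the post: root on the remote box, never root
# over the network. Non-interactive; 'ssh -t host sudo -i' for a root shell.
run_as_root_on() {  # run_as_root_on <host> <command...>
    host="$1"; shift
    ssh -o HostbasedAuthentication=yes -o BatchMode=yes "$host" sudo -- "$@"
}

if [ "${1:-}" = "--write" ]; then
    generate_configs "${2:-$(mktemp -d)}" && echo "ok"
fi
```

Run it as `sh gen.sh --write /tmp/hostbased` and diff the output against the live files; the remote side additionally needs the admin hosts' public host keys in /etc/ssh/ssh_known_hosts, which this script deliberately does not fabricate.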