LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 04-17-2013, 11:53 AM   #1
wlandymore
LQ Newbie
 
Registered: Dec 2005
Posts: 6

Rep: Reputation: 0
best practices for Linux user authentication


Hey guys,

I was wondering if people had some opinions about the 'best' way to secure local authentication to Linux servers. I'm trying to think of a good way that is scalable and isn't an administrative nightmare.

Something like LDAP for the unique user accounts, chrooting the accounts so that thy have specific commands they can run and if it's not too hard with a lot of servers, using a public/private key to login and disable root login.

Any thoughts about different systems that might make it easier or more secure?
 
Old 04-18-2013, 12:34 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
1. ' local authentication' means not centralised/distributed auth, so the opposite of LDAP.
Which is it you want?

2. if local, then ssh with ssh-auth-keys seems to match.
See also 'PermitRootLogin no' in sshd-config
http://wiki.centos.org/HowTos/Network/SecuringSSH

3. if centralised/distributed; LDAP+TLS
http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

4. chrooting a lot of accts is a fair amt of work unless they are virtually the same, in which case a cfg tool like Puppet may be a soln.
If its just privileged cmds you're worried about, they're not normally available and you can control access with sudo.


5. If this is for a real system, more info would help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Authentication service cannot retrieve authentication info - for new user yosial Linux - Newbie 2 10-29-2008 12:30 AM
Problem With User Authentication in Linux tvsuser Linux - General 1 12-14-2006 06:53 PM
User Authentication - Linux Workstation RH9 with Linux Server RH73 itsops Linux - Networking 0 09-10-2003 12:38 AM


All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration