Perhaps you could create the .ssh files for them, have the .ssh files
owned by another user(i.e. root), and don't give the end-user's write
privileges.
On Fri, 2004-09-10 at 16:08, Alvin Oga wrote:
hi ya chris
there is 2 normal way we do things like this ...
a) we erase their changes if they change it ( trivial )
b) modify the ssh sources ( too much headache )
if they have root passwds, all bets are off ... its a computer
usage policy issue if people will use their linux root skills
to get around corp security and usage policy
c ya
alvin
a) if the users tend to change things... we erase it
( do it via cron on the local pc .. hourly )
if different,
cp /mnt/CentralRepository/ssh_config ~/.ssh/ssh_config
cp /mnt/CentralRepository/known_hosts ~/.ssh/known_hosts
- its easy since you also use automounted rescouces
which can have its "central repository" in each users /home/<user>
so that the centralrepository cannot be removed(bypassed)
otherwise they lose their /home dir stuff
b) modify the source code to only use a predefined config files
instead of looking in ~ before it looks for its system default files
and yes... that's what we do ... and all the other files too
including passwds, shadow, hosts, hosts.allow, resolv.conf, etc,etc
and a additional set of centrally maintained files for www, mail, dns, fw,
backups, etc
I am looking for some ideas on howto lock down ssh for a large
deployment of unix hosts. Specifically, I would like to be able to tell the
ssh cli program to ignore individual users .ssh/ssh_config files and only
reference the global ssh_config file, (eg: /usr/local/etc/ssh_config). Most
of my users home directories are mounted via automounter from a central
location.
I am also looking for a way in which to have ssh only reference a
global known_hosts file (eg: /usr/local/etc/known_hosts) and completely
ignore individual users .ssh/known_hosts entries. Effectively what I want is
a centrally managed and distributed known_hosts file to be used in
conjunction with StrictHostKeyChecking to not allow ssh connections from
hosts not listed in the global known_hosts file. The global known_hosts file
would be a read-only file for everyone but administrators. The use of
StrictHostKeyChecking ties into my desire to ignore users ssh_config files
and rely only on the global file - I don't want users to be able to override
StrictHostKeyChecking. VerifyHostKeyDNS has a great deal of appeal, but a
number of my clients (Sun SSH for example) do not yet support this option.
Also I have some issues with getting a recent bind deployment in place to
support SSHFP keys.
Any input is greatly appreciated.
TIA,
Chris
