[clue-admin] User setup for "member" accounts

Jed S. Baer thag at frii.com
Sat Jan 1 12:39:19 MST 2005


On Sat, 1 Jan 2005 11:35:13 -0700
Collins Richey wrote:

> We could (eventually, when we get a round-tuit) set up a cron script to
> scroll through the home directories of the 'members' group looking for
> 'member-email address' (or some such name) files. If the updated
> timestamp has changed, run a script to update the aliases file, run
> the postfix update, and notify the admin(s) and the user via email at
> the new address. All the user would have to do is update his file via
> scp or sftp. Until we get around to that, users can just use the admin
> contact procedure on our website to request alias changes.

Very interesting.

> 1. We need to decide scp or sftp or ??? as the method.

Since OpenSSH provides both, and presumably, since they're built on the
same codebase, they're equally secure, I don't see a reason to pick one or
the other. Members can use whichever suits their needs.

> 2. Whatever method, it seems to me that the best means of
> authentication would be using public keys. So we need a rough draft
> of a HOWTO for users to set up their keys.

$ ssh-keygen

(Pick RSA or DSA, supply something better than 'mydogsname' for a
passphrase)

if RSA:
$ scp ~/.ssh/id_rsa.pub yourlogin@clue.denver.co.us:/home/yourlogin/.ssh/authorized_keys2
(you'll need to enter your CLUE password for this step)

if DSA:
$ scp ~/.ssh/id_dsa.pub yourlogin@clue.denver.co.us:/home/yourlogin/.ssh/authorized_keys2
(you'll need to enter your CLUE password for this step)

> 3. A rough draft HOWTO for users to update their websites using the
> selected method. I'm familiar with scp, for example, but I've never
> used sftp.

man sftp :)

We could be nice and list repositories for getting OpenSSH client
software, and maybe rpm/urpmi/apt/yum/whatever steps?

> 4. If the users do not have login accounts, do we have any other
> worries about malicious users uploading some sort of malware to their
> website area?

Yes. Not sure what we can do about it. In practice, I think it's unlikely,
but then one never knows. The question is what they could do with it, once
it was there. I can think of some possibilities.

jed

-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
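
Added example, not part of the original message or of any script the list ran: a sketch of the scan step of the cron job proposed in the quoted text. The file name member-email, the stamp file, the paths and the function names are assumptions. Each member controls the content of that file, so the address is checked before it becomes an alias line; an aliases(5) entry can otherwise name a command, a file or an include.

```shell
#!/bin/sh
# Added example. Assumed names: member-email, the stamp file, all paths.
LC_ALL=C; export LC_ALL

# Accept one plain address only. Pipes, slashes, colons, commas and
# whitespace are refused because aliases(5) gives them special meaning.
valid_addr() {
    case "$1" in
        *[!A-Za-z0-9._%+@-]*) return 1 ;;   # character outside the safe set
        ?*@?*.?*) ;;                        # local@domain.tld shape
        *) return 1 ;;
    esac
    case "$1" in
        *@*@*|-*|.*) return 1 ;;            # one "@" only, no leading "-" or "."
    esac
    return 0
}

# scan_members HOME_BASE STAMP_FILE
# Prints one "login: address" line for each changed file that passes the
# checks; rejected logins are reported on stderr for the admins.
scan_members() {
    base=$1 stamp=$2
    for f in "$base"/*/member-email; do
        # Regular file only: a symlink could point at someone else's data.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Skip files not modified since the previous run.
        [ -e "$stamp" ] && [ ! "$f" -nt "$stamp" ] && continue
        login=$(basename "$(dirname "$f")")
        # Only the first line is used; anything after it is ignored.
        IFS= read -r addr < "$f" || [ -n "$addr" ] || continue
        if valid_addr "$addr"; then
            printf '%s: %s\n' "$login" "$addr"
        else
            printf 'rejected member-email for %s\n' "$login" >&2
        fi
    done
}

# Cron usage (assumed paths):
#   touch /var/lib/clue/alias.stamp.new
#   scan_members /home /var/lib/clue/alias.stamp > /var/lib/clue/aliases.changed
#   mv /var/lib/clue/alias.stamp.new /var/lib/clue/alias.stamp
# The new stamp is created before the scan so an edit made during the run
# is picked up next time. Merging the lines into the aliases file and
# running newaliases is left to the admin script.
```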


