[clue-admin] User setup for "member" accounts
Jed S. Baer
thag at frii.com
Sat Jan 1 12:39:19 MST 2005
On Sat, 1 Jan 2005 11:35:13 -0700
Collins Richey wrote:
> We could (eventually, when we get a round-tuit) set up a cron script to
> scroll through the home directories of the 'members' group looking for
> 'member-email address' (or some such name) files. If the updated
> timestamp has changed, run a script to update the aliases file, run
> the postfix update, and notify the admin(s) and the user via email at
> the new address. All the user would have to do is update his file via
> scp or sftp. Until we get around to that, users can just use the admin
> contact procedure on our website to request alias changes.
Very interesting.
> 1. We need to decide scp or sftp or ??? as the method.
Since OpenSSH provides both, and presumably, since they're built on the
same codebase, they're equally secure, I don't see a reason to pick one or
the other. Members can use whichever suits their needs.
> 2. Whatever method, it seems to me that the best means of
> authentication would be using public keys. So we need a rough draft
> of a HOWTO for users to set up their keys.
$ ssh-keygen
(Pick RSA or DSA, supply something better than 'mydogsname' for a
passphrase)
if RSA:
scp ~/.ssh/id_rsa.pub to yourlogin@clue.denver.co.us:/home/yourlogin/.ssh/authorized_keys2
(you'll need to enter your CLUE password for this step)
if DSA:
scp ~/.ssh/id_dsa.pub to yourlogin@clue.denver.co.us:/home/yourlogin/.ssh/authorized_keys2
(you'll need to enter your CLUE password for this step)
> 3. A rough draft HOWTO for users to update their websites using the
> selected method. I'm familiar with scp, for example, but I've never
> used sftp.
man sftp :)
We could be nice and list repositories for getting OpenSSH client
software, and maybe rpm/urpmi/apt/yum/whatever steps?
> 4. If the users do not have login accounts, do we have any other
> worries about malicious users uploading some sort of malware to their
> website area?
Yes. Not sure what we can do about it. In practice, I think it's unlikely,
but then one never knows. The question is what they could do with it, once
it was there. I can think of some possibilities.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
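
An added example, not part of the original message or CLUE's own scripts: one way the cron job proposed in the quoted text could read a member-supplied address file before anything is written to the aliases file. The file name `.member-email`, the size cap and the `members` mapping are assumptions. It rejects symlinks, non-regular or foreign-owned files, and anything that is not a single plain address, because the Postfix aliases(5) format also accepts `|command`, `/file` and `:include:` entries on the right-hand side.

```python
import os
import re
import stat

ADDRESS_FILE = ".member-email"   # assumed name; the post only says "or some such name"
MAX_BYTES = 254                  # cap on what is read from a member-controlled file
# One plain address only: no spaces, commas, '|', '/' or ':include:' forms.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def read_member_address(home, owner_uid):
    """Return (address, mtime) from home/ADDRESS_FILE, or None if it is unsafe."""
    path = os.path.join(home, ADDRESS_FILE)
    try:
        # O_NOFOLLOW refuses a symlink at the final path component;
        # O_NONBLOCK keeps the job from hanging if a FIFO was planted there.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        st = os.fstat(fd)  # inspect the opened object, not the path
        if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid:
            return None
        if st.st_nlink != 1 or st.st_size > MAX_BYTES:
            return None
        raw = os.read(fd, MAX_BYTES)
    finally:
        os.close(fd)
    try:
        text = raw.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    return (text, st.st_mtime) if ADDR_RE.fullmatch(text) else None


def changed_aliases(members, last_seen):
    """members: {login: (home, uid)}; last_seen: {login: mtime} from the previous run.
    Returns {login: address} for files that are valid and newer than last_seen."""
    updates = {}
    for login, (home, uid) in members.items():
        result = read_member_address(home, uid)
        if result and result[1] > last_seen.get(login, 0):
            updates[login] = result[0]
            last_seen[login] = result[1]
    return updates
```

Only the returned `{login: address}` pairs would then be handed to whatever rewrites the aliases file and runs the postfix update; rejected files are simply skipped.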