Secure remote shell

Girish Venkatachalam girishvenkatachalam at
Wed Nov 28 21:18:21 PST 2007

On 11:28:24 Nov 29, Olivier Nicole wrote:
> Hi,
> Part of (un)registerings users on my system consists in connecting to
> various servers to add the user account to some services:
> Registering users is done wia a web page, and the web server will
> remote execute a script on the mail server to add the users in the
> aliases and run newaliases, remote execute a script to the radius
> server to add the user in the radius tables and restart radius, etc.
> Of course all the remote execution should be done as root :(

No. Use sudo(8)

And tighten it up. Giving remote users root access should never ever be

Typically each user should run a suid script or something.

> So far, one specific user from the web server can rsh -l root to the

rsh? Are you living in a cave? :)

ssh(8) was released several years ago.

rsh is horribly insecure and broken whereas ssh(8) has an excellent
security track record.


More information about the freebsd-questions mailing list