which is better for sudo: ldap accounts or sudo auto via ssh keys?

Aleksandr Miroslav alexmiroslav at gmail.com
Thu Dec 26 21:02:02 UTC 2013

I have a bunch of servers that I'm trying to tighten down.

>From a security standpoint, which would be more secure:

- having users login from an ldap account and use that same password
to authorize themselves to sudo

- or do away with passwords entirely and have them login with ssh keys
only (easy to do) and then authenticate to sudo with ssh keys (from a
search, apparently this is doable). I would also like to enforce that
the ssh-keys have passwords on them


More information about the freebsd-questions mailing list