Different root passwords

Hi,

Is it possible to have in Linux different root passwords, for the same=20
machine: one for accessing it inside the intranet and another for=20
accessing through the internet ?

I know FreeBSD does this.

Any help would be appreciated.

Warm Regards.
--=20
M=E1rio Gamito
Administração de sistemas e desenvolvimento
Netual - Multim=E9dia e Telecomunicações, Lda.
Rua Jo=E3o Afonso, N=BA1
3800-198 Aveiro - Portugal
Tel. +351 234 371 431 / Fax. +351 234 371 438
E-mail: gamito@netual.pt
www.netual.pt
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Different root passwords

On Thu, 09 Dec 2004 20:31:46 +0000, M=E1rio Gamito w=
rote:
> Is it possible to have in Linux different root passwords, for the sam=
e
> machine: one for accessing it inside the intranet and another for
> accessing through the internet ?
>=20
> I know FreeBSD does this.

Can you send a link to documentation on this feature in FreeBSD? I'm
having difficulty understanding the purpose of it, though I'm sure it
can be accomplished.

In general, allowing access to remote root logins by password alone is
not something I'd recommend. If you want to restrict access by
interface, a much more secure mechanism is to use SSH keys and
restrict access by interface by SSH keys. The different keys can have
different passphrases, which sounds like it would do what you want.

There are other ways of restricting access by interface, though it is
difficult to know which will work for you without understanding the
mechanism of the FreeBSD feature you wish to emulate.

thornton
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Different root passwords

On Thu, Dec 09, 2004 at 08:31:46PM +0000, M?rio Gamito wrote:
> Hi,
>
> Is it possible to have in Linux different root passwords, for the same
> machine: one for accessing it inside the intranet and another for
> accessing through the internet ?

I suppose one way to do this would be to set up 2 root accounts. This is done
by adding another user, and then manually changing the uid in /etc/passwd for
that user to 0. The 2 users (one of which will probably be called 'root') can
have different passwords.

Then set up internet access so that only one of the root users is permitted to
log in, and set up intranet access so that only the other root user may
log in (normally, it will be the user called 'root' that can only log in via
the intranet).

>
> I know FreeBSD does this.

I am not familiar with how FreeBSD manages this.

>
> Any help would be appreciated.
>
> Warm Regards.

--
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Different root passwords

Hi Thornton,

>>I know FreeBSD does this.
>=20
>=20
> Can you send a link to documentation on this feature in FreeBSD? I'm
> having difficulty understanding the purpose of it, though I'm sure it
> can be accomplished.
It's in Absolute FreeBSD book.

Regards.
--=20
M=E1rio Gamito
Administração de sistemas e desenvolvimento
Netual - Multim=E9dia e Telecomunicações, Lda.
Rua Jo=E3o Afonso, N=BA1
3800-198 Aveiro - Portugal
Tel. +351 234 371 431 / Fax. +351 234 371 438
E-mail: gamito@netual.pt
www.netual.pt
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Different root passwords

Jim C. Brown wrote:
> On Thu, Dec 09, 2004 at 08:31:46PM +0000, M?rio Gamito wrote:
>
>>Hi,
>>
>>Is it possible to have in Linux different root passwords, for the same
>>machine: one for accessing it inside the intranet and another for
>>accessing through the internet ?
>
>
> I suppose one way to do this would be to set up 2 root accounts. This is done
> by adding another user, and then manually changing the uid in /etc/passwd for
> that user to 0. The 2 users (one of which will probably be called 'root') can
> have different passwords.

or: useradd -o -u0 secondroot

Far better than allowing users to remotely login as root is to
allow specific NON-root users to login and execute root-perm
commands via the sudo command functionality.

Generally, if you allow remote root logins, you should do so via
rsa key logins... This requires people doing remote logins to have
both an authorized ssh key and the the password to decrypt it.

When you have SSH keys, you can also permit that key to only execute
specific commands (which makes life much safer).
( `man sshd` for more info on the authorized_keys file)

--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs