[Casper] Hidden SSH account
Ernst, Craig S.
ERNSTCS at uwec.edu
Wed Aug 27 03:55:01 PDT 2008
I think that either method is fine as long as there is one account for management that is hidden. I think that's a best practice thing.
Use the QuickAdd stuff from recon if you like to create the account or the command line. I'd take things one step further using command line for security and add another switch:
jamf createAccount -username <username> -realname <realname> -password <password> -home /var/<username> -admin -hiddenUser -secureSSH
My notes about this:
* shell is optional unless you really plan to logon locally with that account on the box and have a preference
* be careful with hiddenUser as I've missed the capital U in there at times
* and secureSSH just sets the box so only that account can access the system via SSH, a little more security, but unless you know these accounts then others who don't but have admin on the box from other accounts like AD groups etc. will not be able to SSH in through terminal if they needed to for some reason. For us this hasn't been a problem thus far. They can still get at the machine in other ways given the right access in the JSS using the othe remote tools.
That's all I got on this one.
Craig E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080827/6da792c3/attachment.html
More information about the Casper
mailing list