Hi,
What I would like to do "securely" is the following.
From one central server invoke a script that does the following.
--Store user/name passwords. (password possibly encrypted in config file)
--From the central server invoke a privileged command (i.e. route add) on multiple servers.
High-level Steps:
User logs in Central Server
User Invokes "the script"
"The Script" --> SSH to <server(s)>, script invokes "privileged command", User has sudo-access to the "privileged command" only (everything should be logged).
Question:
What security issues can I potentially have with the above approach?
Is there other obvious (standard??) way to invoke privileged commands remotely that do not require some sort of agent running on each server? (Do I need an agent on each box??)
Would the new feature of Solaris 10 privileges help me in any way?
Your thoughts/advice on the above would be greatly appreciated.
In general, use SSH to accomplish secure remote command execution. You create a public/private keypair for each user and distribute that user's public keys to all the other machines. Then you can securely have root log into another root host.
Many. If the "privileged command" can be tricked or fooled in some way, the security will be broken. If the "privileged command" is actually a script, there's a good chance this can be broken no matter what. If the command takes input from the user, there's a possibility the security can be broken. On the other hand, doing this is much better than allowing a user root access or allowing the user to run a script with sudo.
Yes, but rsh is deemed broken by nearly all security experts. It works fairly well, however, in a LAN not connected to the internet and in which every NIC is using IPSEC or every port is locked to a MAC-Address, and in which all hostnames are kept statically on the /etc/hosts file of every hosts.
[code]
Would the new feature of Solaris 10 privileges help me in any way?
[/quote]
Yes, but they would not work in a heterogeneous network (mixed with other OS's).