Hosting Provided By

Re: SSH as root

From: Michael Coulter <mjc(at)bitz.ca>
Date: Thu Jul 03 2003 - 16:43:31 EDT

On Thu, Jul 03, 2003 at 10:20:42AM -0700, Paul Bauer wrote:
> I personally don't allow ssh as root but am now curious as to why this

My personal opinion on this, is that "ssh as root" is not descriptive enough. I believe that the authentication methods root is allowed to use are also important.

In my experience, a happy combination of security and usability is provided in setting things up as follows:

allowing remote root logins only with ssh keys
allowing root to login on the console with a password
making individual root accounts for users. this simplifies shell choices and startup scripts. however.. these accounts have no password, and use ssh keys instead. I also give unique groups here. this has proven handy to tell who made some mysterious file called do_not_delete.txt . You can see the file is owned by root:joeroot so you know it's joe's file, and you can go ask him if it can be deleted now.

Received on Thu Jul 3 20:39:56 2003

This message: [ Message body ]
Next message: Greg A. Woods: "Re: SSH as root"
Previous message: Andrew Raphael: "Re: SSHd, host keys and an active/passive cluster"
In reply to: Paul Bauer: "SSH as root"
In reply to Andy Walden: "Re: SSH as root"
Next in thread: Tim Greer: "Re: SSH as root"
Reply: Tim Greer: "Re: SSH as root"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:00 EDT