[NBLUG/talk] Root and SSH questions..
Ross Thomas
spamb8r at netscape.net
Wed Sep 17 16:37:00 PDT 2003
E Frank Ball wrote:
> On Wed, Sep 17, 2003 at 03:44:55PM -0700, Steve Johnson wrote:
> }
> } I always leave root login not allowed on my sshd_config.. So I'm
> } wondering how bad would it be to allow root into ssh? Am I asking for
> } problems with this?
>
>
> I'd go ahead and allow root login via ssh, but turn off passwords:
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
>
> And only allow ssh key pairs for logging in.
And for the truly paranoid (especially in light of the recent OpenSSH
vulnerability) you can also restrict the keys by source IP and/or
restrict the actions it can perform. This is done in the authorized_keys
file.
HTH.
Ross.
More information about the talk
mailing list