[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
William Fidell <william@xxxxxxxxxxxx> writes: > But in common with other repliers I would not allow root login via ssh. > Or, in fact, allow root to log in using any method. Using the > public key type login is sometimes good, and satisfying to set up in a > geeky way. And a great timesaver as well, especially when using scp, and other tools that do similar (some setups of CVS and SVN especially) > Tying down the ip address from which you can log in from has massive > security advantages. That is until you have to log in from another ip > address, for in the case of a emergency, then you are shafted. Nah, then you bounce through another authorised system that is set up differently[1], we have to do it all the time at work. [1] In our case, through my home box, which has logins disabled, and one non-root user account. -- James jamesk[at]homeric[dot]co[dot]uk Spin: encrypt the data holds, batton down thar security patches, argh thar be spyware abound. - from bash.org -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html