On Wed, Jun 26, 2002 at 04:05:58PM +0200, Christoph Ulrich Scholler wrote:
On Wed, Jun 26, 2002 at 02:11:00PM +0200 or thereabouts,
InfoEmergencias - Luis Gómez wrote:
> Messing up with sshd_config for all the privsep stuff, I've noticed that
> PermitRootLogin was set to yes in my three woody boxes. I usually
> consider this a problem (although it has been my fault - i should have
> checked and noticed this much time ago). What do you think of this?
disallowing direct root logins via ssh provides for auditing. you will
always know which user became root. this is why i keep PermitRootLogin
turned off.
Right, unless you actually want to use keys, which is the whole point.
Just up the logging level and it will say which keys are logging in, and
then you'll never have to transmit your root password to the server.
Using "su root" later is worse than just logging in as root with a key.