* Justin Wells said: > > On Fri, Aug 20, 1999 at 09:20:58PM +0200, Marek Habersack wrote: > > > So, indeed, the only reasonable way is to create another UID 0 account which > > would allow ssh login with a static shell. However, to minimize the burden > > of password maintenance of two privileged accounts, I think the account > > should have a * as a password and RSA/DSA should be used to log onto that > > account. It seems to me it's quite a secure method and one that requires the > > potential user of this way of logging onto that account to set it up and > > thus to understand the way things work. Comments? > > In that case you wouldn't be able to 'su' to the static root shell; and > you wouldn't be able to log in on the console. yes, the console poses a problem, but you don't need su to the static root shell - you can use ssh both locally and from the outside. marek
Attachment:
pgpS9K97xdY4Z.pgp
Description: PGP signature