[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to make Debian less fragile (long and philosophical)



* Justin Wells said:
> 
> On Fri, Aug 20, 1999 at 09:20:58PM +0200, Marek Habersack wrote:
> 
> > So, indeed, the only reasonable way is to create another UID 0 account which
> > would allow ssh login with a static shell. However, to minimize the burden
> > of password maintenance of two privileged accounts, I think the account
> > should have a * as a password and RSA/DSA should be used to log onto that
> > account. It seems to me it's quite a secure method and one that requires the
> > potential user of this way of logging onto that account to set it up and
> > thus to understand the way things work. Comments?
> 
> In that case you wouldn't be able to 'su' to the static root shell; and 
> you wouldn't be able to log in on the console. 
yes, the console poses a problem, but you don't need su to the static root
shell - you can use ssh both locally and from the outside.

marek

Attachment: pgpYVgXTbFIJ2.pgp
Description: PGP signature


Reply to: