Re: ssh and root logins

To: debian-isp@lists.debian.org
Subject: Re: ssh and root logins
From: Dale E Martin <dmartin@cliftonlabs.com>
Date: Tue, 10 Aug 2004 09:31:38 -0400
Message-id: <[🔎] 20040810133138.GA7300@clifton-labs.com>
In-reply-to: <[🔎] 4118C2CD.6020003@srce.hr>
References: <[🔎] 20040810105256.GA4398@clifton-labs.com> <[🔎] 4118C2CD.6020003@srce.hr>

> /etc/ssh/sshd_config:
> 
> PermitRootLogin no
> 
> You will have to login as ordinary user, and than do "su -".

That's not so convenient for doing nightly rsync backups over ssh though.
I know what keys to expect coming in for this - hence the question about
disallowing password login for root, but still allowing root login with
known keys.
 
> Use tcpwrappers to limit users and IP addresses:
> 
> /etc/hosts.allow:
> 
> sshd: peter@xxx.xxx.xxx.xxx

Currently I have not seen attacks on normal user accounts and don't feel
the tradeoff of limiting normal users (who are all trusted in my case) is
worth the hassle.  Obviously this might not be true any more in the
future.

Thanks,
	Dale
-- 
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
dmartin@cliftonlabs.com
http://www.cliftonlabs.com
pgp key available

Reply to:

Follow-Ups:
- Re: ssh and root logins
  - From: Bernard Blackham <b-debian@blackham.com.au>

References:
- ssh and root logins
  - From: Dale E Martin <dmartin@cliftonlabs.com>
- Re: ssh and root logins
  - From: Aco Dmitrović <Aco.Dmitrovic@srce.hr>

Prev by Date: Re: ssh and root logins
Next by Date: Re: ssh and root logins
Previous by thread: Re: ssh and root logins
Next by thread: Re: ssh and root logins
Index(es):
- Date
- Thread