Re: ssh and root logins
> Would it work to disable all ssh password logins and only allow logins with
> the proper private key?
I'm not sure, I'd have to check with my Windows users who do CVS checkouts
via ssh and see if their clients would support that. I suppose it might
work. I'd still like to see a way to specify on a per-account basis or at
least see root as a special case.
> I find this most secure--no more worries about password cracks (I just have
> to worry about the physical security of the USB key on my keychain).
As Russell mentioned, you also have to worry about client security -
physical as well as password security of your user's accounts if they're
coming in on machines that allow password login, etc... But in general it
might be a better way to go. I'll mull it over.
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
pgp key available