[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh and root logins

> Would it work to disable all ssh password logins and only allow logins with 
> the proper private key?  

I'm not sure, I'd have to check with my Windows users who do CVS checkouts
via ssh and see if their clients would support that.  I suppose it might
work.  I'd still like to see a way to specify on a per-account basis or at
least see root as a special case.
> I find this most secure--no more worries about password cracks (I just have 
> to worry about the physical security of the USB key on my keychain).

As Russell mentioned, you also have to worry about client security -
physical as well as password security of your user's accounts if they're
coming in on machines that allow password login, etc...  But in general it
might be a better way to go.  I'll mull it over.

Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
pgp key available

Reply to: