Re: ssh and root logins

To: debian-isp@lists.debian.org
Subject: Re: ssh and root logins
From: Dale E Martin <dmartin@cliftonlabs.com>
Date: Tue, 10 Aug 2004 09:38:16 -0400
Message-id: <[🔎] 20040810133816.GB7300@clifton-labs.com>
In-reply-to: <[🔎] 200408101302.06841.mark@easymailings.com>
References: <[🔎] 20040810105256.GA4398@clifton-labs.com> <[🔎] 200408101302.06841.mark@easymailings.com>

> Would it work to disable all ssh password logins and only allow logins with 
> the proper private key?  

I'm not sure, I'd have to check with my Windows users who do CVS checkouts
via ssh and see if their clients would support that.  I suppose it might
work.  I'd still like to see a way to specify on a per-account basis or at
least see root as a special case.
 
> I find this most secure--no more worries about password cracks (I just have 
> to worry about the physical security of the USB key on my keychain).

As Russell mentioned, you also have to worry about client security -
physical as well as password security of your user's accounts if they're
coming in on machines that allow password login, etc...  But in general it
might be a better way to go.  I'll mull it over.

Thanks,
	Dale
-- 
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
dmartin@cliftonlabs.com
http://www.cliftonlabs.com
pgp key available

Reply to:

Follow-Ups:
- Re: ssh and root logins
  - From: Brett Parker <iDunno@sommitrealweird.co.uk>

References:
- ssh and root logins
  - From: Dale E Martin <dmartin@cliftonlabs.com>
- Re: ssh and root logins
  - From: Mark Bucciarelli <mark@easymailings.com>

Prev by Date: Re: ssh and root logins
Next by Date: Re: ssh and root logins
Previous by thread: Re: ssh and root logins
Next by thread: Re: ssh and root logins
Index(es):
- Date
- Thread