
Re: shared root account



On Friday, 6 July 2001 12:19, Juha Jäykkä wrote:
> > > (Put the public key in the .authorized_keys file for the root user)
> > > Turn on RSA/DSA authentication and 'allow root login'
> >
> >  One word of warning above would allow logging in using root password as
> > well
>
>   I distrust allowing root logins from anywhere but local console(s)
> or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
>   Any other ideas? Or is it really safe to allow root logins to sshd?

As already stated by someone else in this thread: Just create another user 
(say, root1) with UID==0 and GID==0.

No need for direct root logins over the net. Although it should be much more 
secure when using SSH compared to, say, telnet, I would feel uncomfortable, 
because direct root login usually means that you do not know WHO actually 
got root when he logs on. SSH to normal user, and the su - root1 at least 
tells you in the logs which user account opened the root session... I like to 
know what's going on on my systems.

> It is just an old rule of thumb that root must never log on over the
> wire but that may be old news from times of telnet - never had any
> need of root logins over the wire until perhaps now.

-- 
Patrick Dreker
---------------------------------------------------------------------
> Is there anything else I can contribute?
The latitude and longitude of the bios writers current position, and
a ballistic missile.
                         Alan Cox on linux-kernel@vger.kernel.org
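
The attribution point made in the message above (a `su` from a personal account records who opened the root session, a direct root login over SSH does not), as an added example that is not part of the original post. The passwd entries and log lines are constructed in the style of OpenSSH and pam_unix syslog output, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread), in the style of /etc/passwd
# and of OpenSSH / pam_unix syslog messages; real formats vary by distribution.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
root1:x:0:0:second UID 0 account:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
"""
AUTH_LOG = """\
Jul  6 12:01:10 host sshd[811]: Accepted publickey for root from 192.0.2.10 port 40022 ssh2
Jul  6 12:03:42 host sshd[902]: Accepted publickey for alice from 192.0.2.11 port 40100 ssh2
Jul  6 12:04:05 host su[915]: pam_unix(su:session): session opened for user root1 by alice(uid=1000)
Jul  6 12:10:02 host su[1001]: pam_unix(su:session): session opened for user root(uid=0) by bob(uid=1001)
Jul  6 12:15:00 host su[1040]: pam_unix(su:session): session opened for user postgres by root(uid=0)
"""

STAMP = r"^(\w{3}\s+\d+ [\d:]+) \S+ "
SSH_RE = re.compile(STAMP + r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
SU_RE = re.compile(STAMP + r"su(?:\[\d+\])?: .*session opened for user "
                   r"([\w.-]+)(?:\(uid=\d+\))? by ([\w.-]+)\(uid=\d+\)")

def uid0_accounts(passwd_text):
    """Every account name with UID 0, so aliases such as root1 are covered."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return {f[0] for f in rows if len(f) >= 4 and f[2] == "0"}

def root_sessions(log_text, uid0):
    """Return (time, account, how, who) for each session opened as UID 0.
    who is the invoking login for su, and None for a direct SSH login,
    where the log records only the source address, not the person."""
    found = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m and m.group(3) in uid0:
            found.append((m.group(1), m.group(3), "ssh from " + m.group(4), None))
            continue
        m = SU_RE.match(line)
        if m and m.group(2) in uid0:
            found.append((m.group(1), m.group(2), "su", m.group(3)))
    return found

if __name__ == "__main__":
    for when, account, how, who in root_sessions(AUTH_LOG, uid0_accounts(PASSWD)):
        print(when, account, how, who or "UNATTRIBUTED (shared credential)")
```

Only the direct `root` login comes back without a named user; both `su` sessions, including the one to the UID 0 alias `root1`, carry the invoking account.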


