Re: shared root account

To: Juha Jäykkä <juolja@utu.fi>
Cc: Just a friendly Jedi Knight <jedi@plukwa.net>, Mark Janssen <maniac@markjanssen.homeip.net>, debian-security@lists.debian.org
Subject: Re: shared root account
From: Matt Hope <matth@cse.unsw.edu.au>
Date: Sat, 7 Jul 2001 16:00:02 +1000
Message-id: <[🔎] 20010707160002.C17462@cse.unsw.edu.au>
Mail-followup-to: Juha Jäykkä <juolja@utu.fi>, Just a friendly Jedi Knight <jedi@plukwa.net>, Mark Janssen <maniac@markjanssen.homeip.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] Pine.SOL.4.30.0107061316090.24585-100000@alya.utu.fi>; from juolja@utu.fi on Fri, Jul 06, 2001 at 13:19:24 +0300
References: <[🔎] 20010706120235.B8572@plukwa.net> <[🔎] Pine.SOL.4.30.0107061316090.24585-100000@alya.utu.fi>

On Fri, 06 Jul 2001, Juha J?ykk? <juolja@utu.fi> wrote...

: > > (Put the public key in the .authorized_keys file for the root user)
: > > TUrn on RSA/DSA authentication and 'allow root login'
: >  One word of warning aboce would allow logging in using root password as well
: 
:   I distrust allowing root logins from anywhere but local console(s)
: or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
:   Any other ideas? Or is it really safe to allow root logins to sshd?
: It is just an old rule of thumb that root must never log on over the
: wire but that may be old news from times of telnet - never had any
: need of root logins over the wire until perhaps now.

Try using ssh keys, as described above, however, in the
~root/.ssh/authorised_keys file, prepend all the keys with 
from="127.0.0.1"

/dopey

Reply to:

References:
- Re: shared root account
  - From: Just a friendly Jedi Knight <jedi@plukwa.net>
- Re: shared root account
  - From: Juha Jäykkä <juolja@utu.fi>

Prev by Date: Re: shared root account
Next by Date: Re: shared root account
Previous by thread: Re: shared root account
Next by thread: Re: shared root account
Index(es):
- Date
- Thread