Re: root via ssh / why su - ?
>>>>> "Alvin" == Alvin Oga <aoga@Mail.Linux-Consulting.com> writes:
>> On my own boxen, root passwords were changed from defaults, and
>> root ssh denied. I actually stood down my system administrator
>> telling him he had no need for a root password on the box -- he
>> could administer the box locally if need be, I didn't trust his
>> security management (passwords were kept in an Excel
>> spreadsheet -- he didn't last long).
Alvin> humm...smart... why bother have a "secret passwd" if ya
Alvin> gonna write it down... oh well...
If you administrate XYZ different computer systems, and each computer
has a different root password, it can become very difficult to
remember all these passwords (especially if you don't regularly use
that particular system). So you either run the risk of forgetting a
vital password at a vital time, or you write them down somewhere in a
safe place.
...admittedly, I would refrain from writing all my passwords down in
the same place. If somebody did manage to get the list, he/she would
have access to everything, not just one or two systems!
...also, not sure I would trust Excel, but that is another topic ;-)
...ssh RSA/DSA authentication might be the best solution (assuming you
*allow* remote root logins), but only if you always log on from the
same trusted computer every time. Not good, for instance, if you
accidently break network access to a central server, but can't
remember the password to login locally to the console.
(Just a thought: perhaps a better solution would be to store these
passwords on a computer file, but GPG encrypt them?)
--
Brian May <bam@debian.org>
Reply to: