On Mon, 2004-11-01 at 12:11 +0100, Luis Fernando Llana Díaz wrote: > Hi all, > I have a doubt. I ussually use ssh to access remote machines > without sending any password (PasswordAuthentication no) and I > store private keys with the help of ssh-agent. > This is valid also to login as another users (including root) > in the local machine (ssh root@localhost). With the help of ssh > agent, on can open several root sessions by only asking one > password: the one of my private key "id_rsa". In this way I void > tping a root password any time I want to be root. > It is very easy for me to work this way, but I would to know if > there could be aware of any possible security problems to do so. > The only problem is that if I make ssh root@localhost, its gain > root privileges whitout asking any password. You are right to fear. Disable root logins via ssh, and use su and sudo on the remote box to do root stuff. -- ----------------------------------------------------------------- Ron Johnson, Jr. Jefferson, LA USA PGP Key ID 8834C06B "Would you mind not firing on the thermonuclear weapons?" A great line, from a *great* action flick: Broken Arrow
Attachment:
signature.asc
Description: This is a digitally signed message part