On Friday, 15.12.2006 at 15:55 +0800, Tim Post wrote: > Leaving root enabled via SSH, you're doing half of the hacker's work > for them. A half-way house option is to only allow root logins via public/private key, rather than via password. To do this, put PermitRootLogin without-password into sshd_config. This stops any direct password attacks. It is less secure than disabling access to the root account completely, but offers a great deal of convenience that can sometimes be useful. Dave. -- Please don't CC me on list messages! ... Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Attachment:
signature.asc
Description: Digital signature