Re: SSH Automatic Log-on Failure - Centos 5.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Jan 27, 2011 at 07:59:30AM +0000, John Hodrien wrote:
> On Thu, 27 Jan 2011, Nico Kadel-Garcia wrote:
> 
> > Wrong again. Never use public key access for root accounts, it simply
> > compounds the security risks. Passphrase protected SSH keys can be

> Is this actually current doctrine for typical machines?  I thought plenty of
> people advocated restricting ssh to AllowRoot without-password.  What exactly

Correct.
  PermitRootLogin without-password
is the recommended approach if you must allow remote root login via ssh

It's even better to deny remote root at all (login as normal user
then sudo/su as necessary), but practicallity says it's needed, so
"without-password" will stop you from being able to use the password
and force you to use public keys or other non-password authentication.

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux