On Thu, Jan 27, 2011 at 07:59:30AM +0000, John Hodrien wrote: > On Thu, 27 Jan 2011, Nico Kadel-Garcia wrote: > > > Wrong again. Never use public key access for root accounts, it simply > > compounds the security risks. Passphrase protected SSH keys can be > Is this actually current doctrine for typical machines? I thought plenty of > people advocated restricting ssh to AllowRoot without-password. What exactly Correct. PermitRootLogin without-password is the recommended approach if you must allow remote root login via ssh It's even better to deny remote root at all (login as normal user then sudo/su as necessary), but practicallity says it's needed, so "without-password" will stop you from being able to use the password and force you to use public keys or other non-password authentication. -- rgds Stephen _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: SSH Automatic Log-on Failure - Centos 5.5
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: SSH Automatic Log-on Failure - Centos 5.5
- From: Stephen Harris <lists@xxxxxxxxxx>
- Date: Thu, 27 Jan 2011 06:45:06 -0500
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <alpine.LFD.2.00.1101270756230.12542@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mutt/1.4.2.2i
- References:
- SSH Automatic Log-on Failure - Centos 5.5
- From: Always Learning
- Re: SSH Automatic Log-on Failure - Centos 5.5
- From: Indunil Jayasooriya
- Re: SSH Automatic Log-on Failure - Centos 5.5
- From: Nico Kadel-Garcia
- Re: SSH Automatic Log-on Failure - Centos 5.5
- From: John Hodrien
- SSH Automatic Log-on Failure - Centos 5.5
- Prev by Date: Re: SSH Automatic Log-on Failure - Centos 5.5
- Next by Date: Re: Package updates for 5.4?
- Previous by thread: Re: SSH Automatic Log-on Failure - Centos 5.5
- Next by thread: Re: SSH Automatic Log-on Failure - Centos 5.5
- Index(es):
 |