Bry8 Star wrote:
> Hi,
> QUESTION:
> what implications are there when using the "root" or a root type of
> account via a port-forwarding ssh-tunnel inside (or on top of)
> another non-root type of user's ssh-tunnel ?
>
> Is such double layer of encryption brings more security or system
> still vulnerable same as single layer of SSH encryption ?
>
> <snip>
>
> QUESTION:
> what is/are better practice(s) (to secure CentOS server related to
> SSH) ?
>
> QUESTION/Possible-SOLUTION:
> Should I remove the "root@127.0.0.1" from "AllowUsers" and add
> "PermitRootLogin no" line in /etc/sshd_config file ?

Your current setup is a bit complex. I can't comment on whether it gains you anything compared to a direct ssh connection as whatever user you need to be (not root), and relying on sudo to elevate your admin user's privileges.

But yes, I would recommend disabling root login, and using only keys if you can (i.e. disabling passwords).

This could be a useful read:
http://wiki.centos.org/HowTos/Network/SecuringSSH

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
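
Added example, not part of the original message: a small Python check of the settings discussed above (PermitRootLogin, password logins, root entries in AllowUsers) run against an sshd_config text. The sample configuration is constructed and the function names are hypothetical; the parsing assumes sshd's documented rule that the first value obtained for a keyword wins, that AllowUsers entries accumulate, and it leaves Match blocks unevaluated.

```python
import fnmatch
import re

# Constructed sample modelled on the setup in the question, not a real host's file.
SAMPLE = """\
AllowUsers admin root@127.0.0.1
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match Address 127.0.0.1
    PermitRootLogin yes
"""

def parse_global(text):
    """Parse the global section: first value per keyword, all AllowUsers patterns."""
    first, allow, saw_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # conditional blocks start here; this check stops (assumption)
            saw_match = True
            break
        if key == "allowusers":
            allow.extend(value.split())
        else:
            first.setdefault(key, value)  # first obtained value wins
    return first, allow, saw_match

def audit(text):
    """Return findings for the hardening steps recommended in the reply."""
    first, allow, saw_match = parse_global(text)
    findings = []
    for key in ("permitrootlogin", "passwordauthentication"):
        value = first.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly")
        elif value.lower() != "no":
            findings.append(f"{key}: set to {value!r}, expected 'no'")
    for pat in allow:
        user = pat.split("@", 1)[0]  # USER@HOST form: check the user part
        if not user.startswith("!") and fnmatch.fnmatchcase("root", user):
            findings.append(f"allowusers: {pat!r} admits root")
    if saw_match:
        findings.append("match: conditional blocks present, not evaluated")
    return findings
```

In the sample, the second `PermitRootLogin no` line has no effect because the earlier `yes` is read first, which is the kind of ordering mistake this check surfaces.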