Re: Disabling Password authenitication with SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, 2007-02-08 at 16:55 +0100, Theo Band wrote:
> I would advice these changes to the "default" sshd_config settings:
> 
> PermitRootLogin without-password
> AuthorizedKeysFile    /just_a_dir/authorized_keys/%u
> PasswordAuthentication no
> UsePAM yes
> 
> This will give you control of access if at least the 
> /just_a_dir/authorized_keys folder is not writeable for the world (the 
> keys need to  readable, not writeable for the user that tries to log on)

Like someone else has mentioned, we do not allow remote root logins of
any kind. In fact, we have disabled root from logging in at all (even
from the console). We set up sudo for users that may need root
privileges.

We decided to do this as sudo gives better logging options of anything
that happens while root. If there was anytime where we actually need a
full root prompt, we could always do sudo -s to get a full root prompt.
--
Doug

Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Random Thought:
What is comedy?  Comedy is the art of making people laugh without making
them puke.
		-- Steve Martin

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux