On Thu, 2007-02-08 at 16:55 +0100, Theo Band wrote:
> I would advice these changes to the "default" sshd_config settings:
>
> PermitRootLogin without-password
> AuthorizedKeysFile /just_a_dir/authorized_keys/%u
> PasswordAuthentication no
> UsePAM yes
>
> This will give you control of access if at least the
> /just_a_dir/authorized_keys folder is not writeable for the world (the
> keys need to readable, not writeable for the user that tries to log on)
Like someone else has mentioned, we do not allow remote root logins of
any kind. In fact, we have disabled root from logging in at all (even
from the console). We set up sudo for users that may need root
privileges.
We decided to do this as sudo gives better logging options of anything
that happens while root. If there was anytime where we actually need a
full root prompt, we could always do sudo -s to get a full root prompt.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Random Thought:
What is comedy? Comedy is the art of making people laugh without making
them puke.
-- Steve Martin
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
