Am 21.11.2014 um 12:05 schrieb Reindl Harald:
Am 21.11.2014 um 11:55 schrieb Roberto Ragusa:On 11/21/2014 09:42 AM, Reindl Harald wrote:why? because they are servers for specific tasks and *any* non-root login would be followed by "su - root" anyways and for automated rsync scripts backing up data only root has access you need it alsoFor rsync-as-root use cases my usual approach is to create another account with userid=0 and login with ssh on this account. It is not root, but it has the same powers (because the numeric uid is the only thing it really matters). Just wanted to share the trickthanks, but that would alert in lynis checks "PermitRootLogin without-password" after setup key-authentication should be the first action anyways - however i am neutral to any default here since on physical machines no problem and most remote machines are setup as virtual machine and so "local access"
not entirely neutral"PermitRootLogin without-password" instead "PermitRootLogin no" has the same effect until "authorized_keys" got configured but avoids people going mad why the key-auth-setup don't work :-)
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct