| 1 |
Hi! |
| 2 |
|
| 3 |
On Wed, Oct 11, 2006 at 07:01:44PM -0700, Peter Abrahamsen wrote: |
| 4 |
> Which is a better idea, allowing key-only root access, or ssh'ing in |
| 5 |
> as myself and running su/sudo/whatever? Either way, I'll set up |
| 6 |
> iptables so that connection attempts from anywhere other than my |
| 7 |
> office are -j DROP'ed. |
| 8 |
|
| 9 |
I've seen a lot of recommendation to disable ssh root access on the web. |
| 10 |
But I don't think something is wrong with enabling remote root _IF_ |
| 11 |
you allow key-ONLY access (and so make password bruteforcing impossible). |
| 12 |
|
| 13 |
But, from other view, it's safer if you logged as usual user and use sudo |
| 14 |
for executing commands as root (not su!). That's because this way you have |
| 15 |
less chance to run 'as root' commands which doesn't actually require root |
| 16 |
privileges. |
| 17 |
|
| 18 |
But, if 90% of commands which you use while accessing remote |
| 19 |
server require root privileges (which is usual case for remote |
| 20 |
administration task), then I think remote ssh key-only root is ok. |
| 21 |
|
| 22 |
-- |
| 23 |
WBR, Alex. |
| 24 |
-- |
| 25 |
gentoo-server@g.o mailing list |
Archives