1 |
On Samstag 17 Januar 2009, Grant wrote: |
2 |
> >> >> an ssh config setting, in shorewall, or somewhere else? |
3 |
> >> > |
4 |
> >> > You can: |
5 |
> >> > |
6 |
> >> > 1) use pam as described by Mike |
7 |
> >> > |
8 |
> >> > or |
9 |
> >> > |
10 |
> >> > 2) use sshd_config "AllowUsers" |
11 |
> >> |
12 |
> >> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd |
13 |
> >> is the only service running on the system. |
14 |
> > |
15 |
> > I really would not do that. Instead create a user to log in and su to |
16 |
> > root. Root should not be allowed to log in - way to risky. |
17 |
> |
18 |
> Is the idea to put 2 passwords in the way of gaining root access? |
19 |
|
20 |
one key+username and one password. |
21 |
|
22 |
> The |
23 |
> problem is twice as many passwords to memorize. Even if the 2 |
24 |
> passwords are the same, I suppose they would have to come up with the |
25 |
> username too which is a (thin) extra layer. |
26 |
|
27 |
just use pubkey for ssh. It is much saver anyway. |