| 1 |
On 10/11/2015 16:47, Michael Orlitzky wrote: |
| 2 |
> On 11/09/2015 10:26 PM, Jeff Smelser wrote: |
| 3 |
>> |
| 4 |
>> The question is, why would you want root login? If your still using it, |
| 5 |
>> your doing it wrong. |
| 6 |
> |
| 7 |
> Maybe, but your argument isn't convincing. How am I better off doing it |
| 8 |
> your way (what is your way)? |
| 9 |
> |
| 10 |
> |
| 11 |
|
| 12 |
The most common way is to disallow all remote logins as root. Admins log |
| 13 |
in with their personal unpriv account using an ssh key. To become root |
| 14 |
they must su or sudo -i with a password. |
| 15 |
|
| 16 |
Benefits: two factor auth using different mechanisms. Having the key or |
| 17 |
the password is not enough to become root, an attacker must have both. |
| 18 |
|
| 19 |
Allowing root logins directly over the network is considered bad |
| 20 |
practice, due to the "one mistake = you lose" aspect. |
| 21 |
|
| 22 |
-- |
| 23 |
Alan McKinnon |
| 24 |
alan.mckinnon@×××××.com |
Archives