Just a friendly Jedi Knight wrote:
> On Fri, Jul 06, 2001 at 01:19:24PM +0300, Juha Jäykkä wrote:
>
>> I distrust allowing root logins from anywhere but local console(s)
>> or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
>>
> umm do You want to run in circles from one machine to another? ;o))
> if not then You need to remotely log on somehow, right?
> I think that ssh'ing into the machine and then su'ing to root is no
> different than ssh'ing directly as root into that machine...
> (well when You do a su You leave a trace in logs of that fact, while if You are
> directly ssh'ing in there is no info in logs on who actually logged on as
> root; there is some patch to <<at least partially>> fix the latter and it was
> mentioned on debian-devel I think)
Disable every direct root login altogether (suppress root's password)
and add anyone who needs root access to your /etc/sudoers file (if
necessary, apt-get install sudo, of course). Need a root shell? sudo
bash, and you're using only your own password ...
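
The quoted message notes that a su leaves a log trace naming the user while a direct root ssh login does not; sudo also logs the invoking account. The sketch below is an added example, not code from any message in the thread, and it attributes root access from an auth log to personal accounts. The log lines are constructed samples in common syslog shapes, and the function name `attribute_root_access` is hypothetical.

```python
import re

# Constructed sample lines in common syslog auth-log shapes (not from the thread).
SAMPLE_LOG = """\
Jul  6 13:20:01 host sshd[811]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Jul  6 13:21:14 host sshd[845]: Accepted password for alice from 192.0.2.11 port 40310 ssh2
Jul  6 13:21:40 host su[850]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Jul  6 13:25:02 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jul  6 13:26:30 host sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
"""

# Direct root login over ssh: only the source address is recorded.
SSH_ROOT = re.compile(r"sshd\[\d+\]: Accepted (\S+) for root from (\S+)")
# su to root: PAM records the invoking account.
SU_ROOT = re.compile(r"\bsu(?:\[\d+\])?: .*session opened for user root(?:\(uid=0\))? by (\w+)")
# sudo: records the invoking account and the command, also when it refuses.
SUDO = re.compile(r"\bsudo(?:\[\d+\])?:\s+(\S+) : (.*)USER=root ; COMMAND=(.*)$")


def attribute_root_access(log_text):
    """Return (events, unattributed).

    events: (account, method, outcome) for every su/sudo attempt to become root.
    unattributed: source addresses of direct root ssh logins, where the log
    names no personal account.
    """
    events, unattributed = [], []
    for line in log_text.splitlines():
        if m := SSH_ROOT.search(line):
            unattributed.append(m.group(2))
        elif m := SU_ROOT.search(line):
            events.append((m.group(1), "su", "granted"))
        elif m := SUDO.search(line):
            detail = m.group(2)
            denied = "NOT in sudoers" in detail or "incorrect password" in detail
            events.append((m.group(1), "sudo " + m.group(3),
                           "denied" if denied else "granted"))
    return events, unattributed


if __name__ == "__main__":
    events, unattributed = attribute_root_access(SAMPLE_LOG)
    for user, how, outcome in events:
        print(f"{user:8} {outcome:8} {how}")
    for source in unattributed:
        print(f"root login from {source}: no personal account recorded")
```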