On 10/11/2015 16:47, Michael Orlitzky wrote: > On 11/09/2015 10:26 PM, Jeff Smelser wrote: >> >> The question is, why would you want root login? If your still using it, >> your doing it wrong. > > Maybe, but your argument isn't convincing. How am I better off doing it > your way (what is your way)? > >
The most common way is to disallow all remote logins as root. Admins log in with their personal unpriv account using an ssh key. To become root they must su or sudo -i with a password. Benefits: two factor auth using different mechanisms. Having the key or the password is not enough to become root, an attacker must have both. Allowing root logins directly over the network is considered bad practice, due to the "one mistake = you lose" aspect. -- Alan McKinnon alan.mckin...@gmail.com
