>> >> an ssh config setting, in shorewall, or somewhere else? >> > >> > You can: >> > >> > 1) use pam as described by Mike >> > >> > or >> > >> > 2) use sshd_config "AllowUsers" >> >> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd >> is the only service running on the system. > > I really would not do that. Instead create a user to log in and su to root. > Root should not be allowed to log in - way to risky.
Is the idea to put 2 passwords in the way of gaining root access? The problem is twice as many passwords to memorize. Even if the 2 passwords are the same, I suppose they would have to come up with the username too which is a (thin) extra layer. Is that done with 'AllowUsers user'? - Grant