>>>>> "Alvin" == Alvin Oga <[EMAIL PROTECTED]> writes:
>> On my own boxen, root passwords were changed from defaults, and >> root ssh denied. I actually stood down my system administrator >> telling him he had no need for a root password on the box -- he >> could administer the box locally if need be, I didn't trust his >> security management (passwords were kept in an Excel >> spreadsheet -- he didn't last long). Alvin> humm...smart... why bother have a "secret passwd" if ya Alvin> gonna write it down... oh well... If you administrate XYZ different computer systems, and each computer has a different root password, it can become very difficult to remember all these passwords (especially if you don't regularly use that particular system). So you either run the risk of forgetting a vital password at a vital time, or you write them down somewhere in a safe place. ...admittedly, I would refrain from writing all my passwords down in the same place. If somebody did manage to get the list, he/she would have access to everything, not just one or two systems! ...also, not sure I would trust Excel, but that is another topic ;-) ...ssh RSA/DSA authentication might be the best solution (assuming you *allow* remote root logins), but only if you always log on from the same trusted computer every time. Not good, for instance, if you accidently break network access to a central server, but can't remember the password to login locally to the console. (Just a thought: perhaps a better solution would be to store these passwords on a computer file, but GPG encrypt them?) -- Brian May <[EMAIL PROTECTED]>