da...@lang.hm writes: > except when it makes sense to have ssh root logins enabled (so that > central management tools can do root privilage required functions on the > box for example)
PermitRootLogin without-password is one correct answer here. If your management system is compromised, it's all over no matter what, and randomly generated keys are much harder for an outsider to crack than passwords. another answer is to ssh in as the management user then sudo. I can't come up with a reasonable case for setting PermitRootLogin to yes. _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
