Wojciech Puchar wrote: > >> need root access, you should use a staff account in the wheel group to >> remotely log into the machine, then su to root. > > or set > > PermitRootLogin yes > > in sshd_conf > > much easier. > >> The fact that remote direct root login is disabled is a security feature, >> meant to prevent things like brute-force attacks on root over the >> network. It's a bad idea to change that behavior, in general. Back when > > just another stupid myth.
As is, of course, all security in depth. Hey, if you want everything riding on one password, more power to you, but you might want to refrain from using phrases like "stupid myth" unless you've got some hard data to back them up. > simply use good passwords. Or a nice little key encrypted with a good pass phrase. Use ssh-agent right and you can make things even easier for yourself. > > having to log through 2 accounts doesn't increase security. actually > increases mess. The only mess I can think of is all that logging that forces a bit of accountability onto all the admins who know the root password. Of course, if you're the only admin, I suppose it doesn't really matter. ;-) --Jon Radel
Description: S/MIME Cryptographic Signature