RE: [gentoo-server] Opinion: ssh to root vs sudo

[Longman, Bill]

One point you may want to take into account is the audit trail you get from
sudo. I think it's far better to see who actually logged in and then what
they did. I turn off ssh root login on all my machines, period. My admins
must log in as themselves and then sudo when they need to. I can then see
login activity and sudo activity for any individual with little deniability.
Also, in my experience, simply move the SSH port somewhere other than 22.
I've moved it off that port on most systems and the script kiddies have
simply vanished. It will keep your logs much cleaner!
-- 
gentoo-server@gentoo.org mailing list