CHAPLIN, JAMES (CTR) wrote:
Tom Kern from DOE called me with a good solution, using pubkeys and in
the sshd_conf file, set PermitRootLogin to without-password. Did a
google search on " PermitRootLogin without-password" and got allot of
hits, trying to set up a test right now (phone keeps ringing with other
peoples problem;-0). But this is looking like the best solution. Will
update soon, thanks for the suggestions.
Thanks Tom for pointing me in the right direction.
If you have a dozen public keys in there, how do you know whose key was
used, and that was done?
I quite like the idea of locking root's account, and explaining to the
auditor the door's locked and we've thrown away the key, the point being
there is _no_ password that will allow root to logon.
--
Cheers
John
-- spambait
[email protected] [email protected]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
